CVE-2024-25309
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Feb 9, 2024
Updated: Feb 12, 2024
CWE ID 89
Summary
CVE-2024-25309 is a newly identified vulnerability affecting the Simple School Management System 1.0. This issue permits SQL injection attacks through the 'pass' parameter in the School/teacher_login.php file. An attacker can exploit this flaw by injecting malicious SQL statements, potentially gaining unauthorized access to sensitive data or making modifications to the database. The vulnerability poses a significant risk to organizations that use this software, requiring immediate patching or mitigation measures to prevent potential data breaches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Code Projects