A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Dec 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Oretnom23
Oretnom23 simple Student Attendance System |
|
CPEs | cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:* | |
Vendors & Products |
Oretnom23
Oretnom23 simple Student Attendance System |
MITRE
Status: PUBLISHED
Assigner: VulDB
Published: 2024-02-27T16:00:06.873Z
Updated: 2024-08-01T18:56:22.342Z
Reserved: 2024-02-27T07:37:02.380Z
Link: CVE-2024-1923
Vulnrichment
Updated: 2024-08-01T18:56:22.342Z
NVD
Status : Analyzed
Published: 2024-02-27T16:15:46.057
Modified: 2024-12-06T20:00:46.283
Link: CVE-2024-1923
Redhat
No data.