Lucene search

[email protected]CVE-2024-28094

HistoryMar 07, 2024 - 4:15 a.m.

CVE-2024-28094

2024-03-0704:15:07

CWE-89

[email protected]

web.nvd.nist.gov

cve-2024-28094

chat functionality

schoolbox application

sql injection

authenticated attackers

database records

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Chat functionality in Schoolbox application before
version 23.1.3 is vulnerable to blind SQL Injection enabling the
authenticated attackers to read, modify, and delete database records.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Schoolbox",
    "vendor": "Schoolbox Pty Ltd",
    "versions": [
      {
        "lessThan": "23.1.3",
        "status": "affected",
        "version": "0",
        "versionType": "Minor"
      }
    ]
  }
]

References

schoolbox.education/

www.themissinglink.com.au/security-advisories/cve-2024-28094

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-28094

cvelist1 nvd1 prion1