Lucene search

TMLCVELIST:CVE-2024-28094

HistoryMar 07, 2024 - 3:14 a.m.

CVE-2024-28094 Blind SQL Injection in Chat functionality in Schoolbox

2024-03-0703:14:25

CWE-89

TML

www.cve.org

sql injection

schoolbox

chat functionality

cve-2024-28094

database security

authentication

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Chat functionality in Schoolbox application before
version 23.1.3 is vulnerable to blind SQL Injection enabling the
authenticated attackers to read, modify, and delete database records.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Schoolbox",
    "vendor": "Schoolbox Pty Ltd",
    "versions": [
      {
        "lessThan": "23.1.3",
        "status": "affected",
        "version": "0",
        "versionType": "Minor"
      }
    ]
  }
]

References

schoolbox.education/

www.themissinglink.com.au/security-advisories/cve-2024-28094

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-28094