Lucene search

[email protected]NVD:CVE-2024-35355

HistoryMay 30, 2024 - 4:15 p.m.

CVE-2024-35355

2024-05-3016:15:10

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

diño physics school assistant

master.php

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

JSON

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_category. Manipulating the argument id can result in SQL injection.

References

vuln.pentester.stream/pentester-vulnerability-research/post/2298724/vuln10-blind-sql-injection-time-based

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

JSON

Related for NVD:CVE-2024-35355

cve1 cvelist1 vulnrichment1