Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/03/09 8:45 a.m.6 views

CVE-2024-12607

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mjsmgtshoweventtask' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS7.2AI score0.00313EPSS
Exploits0References1
NVD
NVD
added 2025/03/07 9:15 a.m.5 views

CVE-2024-12607

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mjsmgtshoweventtask' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS0.00313EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/07 8:21 a.m.9 views

CVE-2024-12607 School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task'

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mjsmgtshoweventtask' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS0.00313EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/07 8:21 a.m.5 views

CVE-2024-12607 School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task'

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mjsmgtshoweventtask' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...

6.5CVSS7.5AI score0.00313EPSS
Exploits0References2
CVE
CVE
added 2025/03/07 8:21 a.m.46 views

CVE-2024-12607

CVE-2024-12607 affects the WordPress plugin “School Management System for WordPress.” It is an SQL Injection via the id parameter of the mj_smgt_show_event_task AJAX action in all versions up to and including 92.0.0. Exploitation requires authenticated access at Custom level or higher, enabling a...

6.5CVSS7.5AI score0.00313EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder