2 matches found
CVE-2020-35382
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user...
CVE-2020-35382
CVE-2020-35382 affects Classbooking prior to version 2.4.1. It enables SQL Injection through the username field when adding a new user via a CSV, with potential impact to confidentiality and integrity. Remediation: upgrade to 2.4.1 or later; if upgrading isn’t possible, apply mitigations to sanit...