2 matches found
CVE-2022-3059 SQL injection in Schoolbox version 21.0.2, by Schoolbox Pty Ltd
The application was vulnerable to multiple instances of SQL injection authenticated and unauthenticated through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL...
CVE-2022-3059
The CVE-2022-3059 entry pertains to Schoolbox (version 21.0.2) and describes SQL injection via a vulnerable parameter, exploitable with authenticated or unauthenticated access. The root cause involves stacked queries allowing complex SQL commands, and a sleep-based inferential technique to extrac...