CVE-2024-33808
CVE-2024-33808 describes a SQL injection vulnerability in Campcodes Complete Web-Based School Management System 1.0, exploitable via the id parameter of /model/get_timetable.php. The root cause is improper handling of input in the timetable retrieval endpoint, allowing arbitrary SQL execution. Th...