CVE-2024-5381

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/Lanxiy7th/lx_CVE_report-/issues/2", "name": "https://github.com/Lanxiy7th/lx_CVE_report-/issues/2", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://github.com/Lanxiy7th/lx_CVE_report-/issues/2", "name": "https://github.com/Lanxiy7th/lx_CVE_report-/issues/2", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.266293", "name": "VDB-266293 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.266293", "name": "VDB-266293 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.266293", "name": "VDB-266293 | itsourcecode Student Information Management System view.php sql injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.266293", "name": "VDB-266293 | itsourcecode Student Information Management System view.php sql injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.344447", "name": "Submit #344447 | Itsourcecode Itsourcecode Student Information Management System in PHP 1.0 index.php SQL injection 1.0 SQL Injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.344447", "name": "Submit #344447 | Itsourcecode Itsourcecode Student Information Management System in PHP 1.0 index.php SQL injection 1.0 SQL Injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266293 was assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-5381", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2024-05-26T23:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:itsourcecode:student_information_management_system:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-02-11T15:15Z"}