CVE-2024-6731

A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://vuldb.com/?id.271449	Third Party Advisory
https://vuldb.com/?ctiid.271449	Permissions Required Third Party Advisory
https://vuldb.com/?submit.374362	Third Party Advisory
https://reports.kunull.net/CVEs/2024/CVE-2024-6731
https://www.sourcecodester.com/

Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:student_study_center_desk_management_system:1.0:*:*:*:*:*:*:*

History

26 Aug 2024, 05:15

Type	Values Removed	Values Added
References	~~{'url': 'https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6731', 'name': 'https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6731', 'tags': ['Exploit'], 'refsource': ''}~~	() https://reports.kunull.net/CVEs/2024/CVE-2024-6731 - () https://www.sourcecodester.com/ -
Summary	A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271449 was assigned to this vulnerability.	A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

19 Aug 2024, 13:27

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oretnom23:student_study_center_desk_management_system:1.0:::::::*
First Time		Oretnom23 student Study Center Desk Management System Oretnom23
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~() https://vuldb.com/?id.271449 -~~	() https://vuldb.com/?id.271449 - Third Party Advisory
References	~~() https://vuldb.com/?ctiid.271449 -~~	() https://vuldb.com/?ctiid.271449 - Permissions Required, Third Party Advisory
References	~~() https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6731 -~~	() https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6731 - Exploit
References	~~() https://vuldb.com/?submit.374362 -~~	() https://vuldb.com/?submit.374362 - Third Party Advisory

06 Aug 2024, 11:16

Type	Values Removed	Values Added
References	~~{'url': 'https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6731', 'name': 'https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6731', 'tags': [], 'refsource': ''}~~	() https://reports-kunull.vercel.app/CVEs/2024/CVE-2024-6731 -

21 Jul 2024, 06:15

Type	Values Removed	Values Added
References	{'url': 'https://reports-kunull.vercel.app/CVE%20research/student-study-center-desk-management-system-save_student', 'name': 'https://reports-kunull.vercel.app/CVE%20research/student-study-center-desk-management-system-save_student', 'tags': [], 'refsource': ''}	() https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6731 -

14 Jul 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-14 22:15

Updated : 2024-08-26 05:15

NVD link : CVE-2024-6731

Mitre link : CVE-2024-6731

JSON object : View

Products Affected

oretnom23

student_study_center_desk_management_system

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

8.8 /10