CVE-2020-36034

Description

SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php.

Related CPE's

aschool_faculty_scheduling_system_projectschool_faculty_scheduling_system1.0*******

References

https://github.com/TCSWT/School-Faculty-Scheduling-System

ExploitThird Party Advisory

https://www.sourcecodester.com/download-code?nid=14535&title=School+Faculty+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code

Product

https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html

Product

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io