Description
A SQL injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0 allows a remote attacker to execute arbitrary code, escalate privileges, and gain sensitive information via a crafted payload to the id parameter in manage_user.php.
References
https://github.com/TCSWT/School-Faculty-Scheduling-System
Exploit, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
Information
Source identifier
Vulnerability status
Modified
Published
2023-08-11T12:15:11.643Z
2 years ago
Last modified
2024-11-21T04:28:41.260Z
1 year ago