A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://code-projects.org/ | Product |
https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_room_update_php.docx | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.287869 | Permissions Required VDB Entry |
https://vuldb.com/?id.287869 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.459083 | Third Party Advisory VDB Entry |
Configurations
History
12 Dec 2024, 17:36
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-12-12 01:40
Updated : 2024-12-12 17:36
NVD link : CVE-2024-12487
Mitre link : CVE-2024-12487
CVE.ORG link : CVE-2024-12487
JSON object : View
Products Affected
fabian
- online_class_and_exam_scheduling_system