OpenCVE

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Sourcecodester	Computer Laboratory Management System

No data.

No data.

References

Link	Providers
https://github.com/emirhanmtl/vuln-research/blob/main/SQLi-4-Computer-Laboratory-Management-System-PoC.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-04-22T00:00:00

Updated: 2024-08-02T01:52:57.333Z

Reserved: 2024-04-05T00:00:00

Link: CVE-2024-31545

Vulnrichment

Updated: 2024-04-22T20:07:45.531Z

NVD

Status : Awaiting Analysis

Published: 2024-04-22T19:15:46.627

Modified: 2024-11-21T09:13:40.963

Link: CVE-2024-31545

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31545", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T01:52:57.333Z", "dateReserved": "2024-04-05T00:00:00", "datePublished": "2024-04-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-22T18:39:36.404133"}, "descriptions": [{"lang": "en", "value": "Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the \"id\" parameter of /admin/?page=user/manage_user&id=6."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/emirhanmtl/vuln-research/blob/main/SQLi-4-Computer-Laboratory-Management-System-PoC.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31545", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-22T20:11:26.791631Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sourcecodester:computer_laboratory_management_system:1.0:*:*:*:*:*:*:*"], "vendor": "sourcecodester", "product": "computer_laboratory_management_system", "versions": [{"status": "affected", "version": "1.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:36:05.428Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:57.333Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/emirhanmtl/vuln-research/blob/main/SQLi-4-Computer-Laboratory-Management-System-PoC.md", "tags": ["x_transferred"]}]}]}}