{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6268", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-06-22T15:43:36.918Z", "datePublished": "2024-06-23T09:31:04.178Z", "dateUpdated": "2024-08-01T21:33:05.341Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-06-23T09:31:04.178Z"}, "title": "lahirudanushka School Management System Login Page login.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 SQL Injection"}]}], "affected": [{"vendor": "lahirudanushka", "product": "School Management System", "versions": [{"version": "1.0.0", "status": "affected"}, {"version": "1.0.1", "status": "affected"}], "modules": ["Login Page"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269480."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in lahirudanushka School Management System 1.0.0/1.0.1 entdeckt. Davon betroffen ist unbekannter Code der Datei login.php der Komponente Login Page. Mit der Manipulation des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-06-22T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-06-22T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-06-22T17:50:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "louay khammassi (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.269480", "name": "VDB-269480 | lahirudanushka School Management System Login Page login.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.269480", "name": "VDB-269480 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.362805", "name": "Submit #362805 | School-Management-System---PHP-MySQL 1.0.1 Authorization Bypass Through User-Controlled SQL Primary Key", "tags": ["third-party-advisory"]}, {"url": "https://powerful-bulb-c36.notion.site/SQL-injection-to-authorization-bypass-af95fa2c72b84b4297e3d61c17cd7cdb?pvs=4", "tags": ["exploit"]}, {"url": "https://github.com/lahirudanushka/School-Management-System---PHP-MySQL/issues/2", "tags": ["issue-tracking"]}]}, "adp": [{"affected": [{"vendor": "lahirudanushka", "product": "school_management_system", "cpes": ["cpe:2.3:a:lahirudanushka:school_management_system:1.0.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:39:36.660244Z", "id": "CVE-2024-6268", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:40:03.641Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:05.341Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.269480", "name": "VDB-269480 | lahirudanushka School Management System Login Page login.php sql injection", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.269480", "name": "VDB-269480 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.362805", "name": "Submit #362805 | School-Management-System---PHP-MySQL 1.0.1 Authorization Bypass Through User-Controlled SQL Primary Key", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://powerful-bulb-c36.notion.site/SQL-injection-to-authorization-bypass-af95fa2c72b84b4297e3d61c17cd7cdb?pvs=4", "tags": ["exploit", "x_transferred"]}, {"url": "https://github.com/lahirudanushka/School-Management-System---PHP-MySQL/issues/2", "tags": ["issue-tracking", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.269480", "name": "VDB-269480 | lahirudanushka School Management System Login Page login.php sql injection", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.269480", "name": "VDB-269480 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.362805", "name": "Submit #362805 | School-Management-System---PHP-MySQL 1.0.1 Authorization Bypass Through User-Controlled SQL Primary Key", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://powerful-bulb-c36.notion.site/SQL-injection-to-authorization-bypass-af95fa2c72b84b4297e3d61c17cd7cdb?pvs=4", "tags": ["exploit", "x_transferred"]}, {"url": "https://github.com/lahirudanushka/School-Management-System---PHP-MySQL/issues/2", "tags": ["issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:05.341Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6268", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T19:39:36.660244Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lahirudanushka:school_management_system:1.0.1:*:*:*:*:*:*:*"], "vendor": "lahirudanushka", "product": "school_management_system", "versions": [{"status": "affected", "version": "1.0.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:39:58.642Z"}}], "cna": {"title": "lahirudanushka School Management System Login Page login.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "louay khammassi (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "affected": [{"vendor": "lahirudanushka", "modules": ["Login Page"], "product": "School Management System", "versions": [{"status": "affected", "version": "1.0.0"}, {"status": "affected", "version": "1.0.1"}]}], "timeline": [{"lang": "en", "time": "2024-06-22T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-06-22T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-06-22T17:50:13.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.269480", "name": "VDB-269480 | lahirudanushka School Management System Login Page login.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.269480", "name": "VDB-269480 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.362805", "name": "Submit #362805 | School-Management-System---PHP-MySQL 1.0.1 Authorization Bypass Through User-Controlled SQL Primary Key", "tags": ["third-party-advisory"]}, {"url": "https://powerful-bulb-c36.notion.site/SQL-injection-to-authorization-bypass-af95fa2c72b84b4297e3d61c17cd7cdb?pvs=4", "tags": ["exploit"]}, {"url": "https://github.com/lahirudanushka/School-Management-System---PHP-MySQL/issues/2", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269480."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in lahirudanushka School Management System 1.0.0/1.0.1 entdeckt. Davon betroffen ist unbekannter Code der Datei login.php der Komponente Login Page. Mit der Manipulation des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-06-23T09:31:04.178Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6268", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:33:05.341Z", "dateReserved": "2024-06-22T15:43:36.918Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-06-23T09:31:04.178Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lahirudanushka:school_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EA5C3F4-40FB-403D-8E42-D5A2C34C42C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:lahirudanushka:school_management_system:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9AAD6223-13DB-4AAC-A206-6FBDFF848C83", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. Affected by this issue is some unknown functionality of the file login.php of the component Login Page. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269480."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en lahirudanushka School Management System 1.0.0/1.0.1 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo login.php del componente Login Page es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento email conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-269480."}], "id": "CVE-2024-6268", "lastModified": "2024-09-19T17:06:24.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-06-23T10:15:09.753", "references": [{"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/lahirudanushka/School-Management-System---PHP-MySQL/issues/2"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://powerful-bulb-c36.notion.site/SQL-injection-to-authorization-bypass-af95fa2c72b84b4297e3d61c17cd7cdb?pvs=4"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.269480"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?id.269480"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.362805"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}