{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6276","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-06-23T18:59:35.307Z","datePublished":"2024-06-24T01:31:04.502Z","dateUpdated":"2024-08-01T21:33:05.331Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-06-24T01:31:04.502Z"},"title":"lahirudanushka School Management System Teacher Page teacher.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"lahirudanushka","product":"School Management System","versions":[{"version":"1.0.0","status":"affected"},{"version":"1.0.1","status":"affected"}],"modules":["Teacher Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1. This issue affects some unknown processing of the file teacher.php of the component Teacher Page. The manipulation of the argument update leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269489 was assigned to this vulnerability."},{"lang":"de","value":"Eine Schwachstelle wurde in lahirudanushka School Management System 1.0.0/1.0.1 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei teacher.php der Komponente Teacher Page. Dank der Manipulation des Arguments update mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.7,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.7,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.8,"vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-06-23T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-06-23T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-06-23T21:04:52.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"louay khammassi (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.269489","name":"VDB-269489 | lahirudanushka School Management System Teacher Page teacher.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.269489","name":"VDB-269489 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.362877","name":"Submit #362877 | School-Management-System---PHP-MySQL 1.0.1 SQL Injection","tags":["third-party-advisory"]},{"url":"https://powerful-bulb-c36.notion.site/sql-injection-3-52ce387faca74869b441eb1bf4cec27a","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-24T14:26:17.704941Z","id":"CVE-2024-6276","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-24T14:26:24.399Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:33:05.331Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.269489","name":"VDB-269489 | lahirudanushka School Management System Teacher Page teacher.php sql injection","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.269489","name":"VDB-269489 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://vuldb.com/?submit.362877","name":"Submit #362877 | School-Management-System---PHP-MySQL 1.0.1 SQL Injection","tags":["third-party-advisory","x_transferred"]},{"url":"https://powerful-bulb-c36.notion.site/sql-injection-3-52ce387faca74869b441eb1bf4cec27a","tags":["exploit","x_transferred"]}]}]}}