CVE-2024-7220

CWE-74 CWE-89 — SQL Injection CWE-362 — Race Condition4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 65.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Campcodes School LOG Management System Sourcecodester School LOG Management System Oretnom23 School LOG Management System

Timeline

PublishedJul 30

Description

A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/print_barcode.php. The manipulation of the argument tbl results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5campcodes/school_log_management_system1.0

▶CVEListV5sourcecodester/school_log_management_system1.0

▶NVDoretnom23/school_log_management_system1.0

🔴Vulnerability Details

CVEList

SourceCodester/Campcodes School Log Management System print_barcode.php sql injection↗2024-07-30

▶

GHSA

GHSA-q7vw-x6cm-vm3g: A vulnerability classified as critical was found in SourceCodester School Log Management System 1↗2024-07-30

▶