Online Class and Exam Scheduling System 1.0 Critical SQL Injection (CVE-2024-12489)

2024-12-12


A critical SQL injection vulnerability (CVE-2024-12489) has been identified in the code-projects Online Class and Exam Scheduling System version 1.0. This vulnerability affects an unspecified part of the `/pages/term.php` file. Attackers can exploit this vulnerability remotely by manipulating the `id` argument. Public exploit code is available.

Vulnerability Details:

Platform: Online Class and Exam Scheduling System
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical (CVSS v3: MEDIUM)
Date: December 11, 2024 (NVD published date)

What Undercode Says:

This critical SQL injection vulnerability poses a significant risk to users of Online Class and Exam Scheduling System 1.0. Attackers can potentially gain unauthorized access to sensitive data or manipulate the system. It is crucial to update to a patched version as soon as possible. If a patch is unavailable, consider mitigating measures to restrict access to the vulnerable application.
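While no patch is installed, web server access logs can be reviewed for requests that touch the vulnerable parameter. The following is an added example, not code from the advisory or from the project: it assumes combined-format access logs and that a legitimate `id` is a plain integer (the advisory does not state the parameter's type), and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Dec/2024:10:01:02 +0000] "GET /pages/term.php?id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.77 - - [12/Dec/2024:10:01:09 +0000] "GET /pages/term.php?id=4%27 HTTP/1.1" 500 0 "-" "curl/8.0"
203.0.113.77 - - [12/Dec/2024:10:01:11 +0000] "GET /pages/term.php?id=2%20OR%202%3D2 HTTP/1.1" 200 9120 "-" "curl/8.0"
198.51.100.5 - - [12/Dec/2024:10:02:00 +0000] "GET /pages/home.php?id=x%27 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Dec/2024:10:02:30 +0000] "GET /pages/term.php HTTP/1.1" 200 480 "-" "Mozilla/5.0"
"""

# client IP, timestamp, request line and status from a combined-format entry
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TARGET_PATH = "/pages/term.php"   # file named in the advisory
PLAIN_INT = re.compile(r"[0-9]{1,10}")  # assumption: a valid id looks like this


def suspicious_term_requests(log_text):
    """Return requests to term.php whose decoded `id` is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        url = urlsplit(m["target"])
        if url.path.lower() != TARGET_PATH:
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps "id=" visible
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("id", []):
            if not PLAIN_INT.fullmatch(value):
                findings.append({"ip": m["ip"], "time": m["ts"],
                                 "status": int(m["status"]), "id": value})
    return findings


if __name__ == "__main__":
    for finding in suspicious_term_requests(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so an `id` sent in a POST body will not appear here and needs application or WAF logging to be seen.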

References:

Reported By: Nvd.nist.gov