CVE-2024-33404

HIGH Year: 2024
CVSS v3 Score
8.3
High
Weakness Type
CWE-89
View all →

Vulnerability Description

A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.

Related Vulnerabilities

CVE-2019-20361

HIGH
CVSS:8.3(High)

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerabil...

CWE-892019

CVE-2022-0224

HIGH
CVSS:8.3(High)

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CWE-892022

CVE-2022-0258

HIGH
CVSS:8.3(High)

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

CWE-892022

CVE-2022-33147

HIGH
CVSS:8.3(High)

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can se...

CWE-892022

CVE-2022-33148

HIGH
CVSS:8.3(High)

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can se...

CWE-892022

CVE-2022-33149

HIGH
CVSS:8.3(High)

A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can se...

CWE-892022