SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter.
References
Configurations
Configuration 1 (hide)
|
History
25 Mar 2025, 17:20
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:campcodes:complete_web-based_school_management_system:1.0:*:*:*:*:*:*:* | |
| First Time |
Campcodes complete Web-based School Management System
Campcodes |
|
| References | () https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%204.pdf - Exploit, Third Party Advisory | |
| References | () https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%207.pdf - Exploit, Third Party Advisory |
Information
Published : 2024-05-06 18:15
Updated : 2025-03-25 17:20
NVD link : CVE-2024-33405
Mitre link : CVE-2024-33405
CVE.ORG link : CVE-2024-33405
JSON object : View
Products Affected
campcodes
- complete_web-based_school_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')