CVE-2024-28094

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 7, 2024

CWE ID 89

Summary

CVE-2024-28094 is a newly disclosed vulnerability affecting the Schoolbox application before version 23.1.3. Malicious users with authentication privileges can exploit this blind SQL Injection flaw to manipulate database records undetected. This vulnerability poses a significant risk, allowing attackers to read, modify, and delete data, potentially leading to serious consequences such as data breaches or system compromise. Users are urged to update their Schoolbox application as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uv1usB
https://www.cve.org/CVERecord?id=CVE-2024-28094
https://nvd.nist.gov/vuln/detail/CVE-2024-28094

Back to Vulnerability Database

CVE-2024-28094

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations