CVE-2024-41238

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 8, 2024

Updated: Aug 12, 2024

CWE ID 89

Summary

CVE-2024-41238 is a SQL injection vulnerability that affects the student_login.php script in the Kashipara Responsive School Management System v1.0. An attacker can exploit this vulnerability by supplying malicious SQL commands through the "username" parameter, potentially gaining unauthorized access to sensitive data or even taking control of the underlying database. This issue poses a significant risk to schools and educational institutions that use this software and highlights the importance of regularly applying security patches and updates.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xFNlG4
https://www.cve.org/CVERecord?id=CVE-2024-41238
https://nvd.nist.gov/vuln/detail/CVE-2024-41238

Back to Vulnerability Database

CVE-2024-41238

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations