Summary: - Vulnerability Type: SQL Injection - Severity: Critical - Product Affected: Campcodes Complete Web-Based School Management System 1.0 - File受影响: - CVE ID: CVE-2024-4908 - Exploit Availability: Available as proof-of-concept on GitHub Details: - Description: A critical SQL injection vulnerability is found in the parameter of . This allows for remote exploitation and modification of the SQL command through user input. - CWE: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) - Impact: Confidentiality, integrity, and availability - Exploitation: Known and accessible on GitHub under CVE-2024-4908 - ATT&CK Technique: T1505