CVE-2017-20196

MEDIUM

Itechscripts School Management Software 2.75 - SQL Injection

Title source: llm

Description

A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WRITEUP

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/41034

View Code ZIP pw:eip

References (4)

Core 4

Core References

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.95307

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/41034/

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/41034

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.95307

Scores

CVSS v3 6.3

EPSS 0.0007

EPSS Percentile 22.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

Itechscripts/School Management Software 2.75

Published Jan 26, 2025

Tracked Since Feb 18, 2026