CVE-2020-36034

CRITICAL

School Faculty Scheduling System - SQL Injection


Description

SQL injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0 allows a remote attacker to execute arbitrary code, escalate privileges, and gain sensitive information via a crafted payload to the id parameter in manage_user.php.

Scores

CVSS v3 9.8
EPSS 0.0146
EPSS Percentile 81.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
school_faculty_scheduling_system_project/school_faculty_scheduling_system 1.0
Published Aug 11, 2023
Tracked Since Feb 18, 2026