CVE-2021-3262

CRITICAL

TripSpark VEO Transportation <2.2.x - SQL Injection

Title source: llm
STIX 2.1

Description

TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0101
EPSS Percentile 59.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (2)
trispark/novusedu 2.2.x-xp_bb-20201123-184084
trispark/veo_transportation 2.2.x-xp_bb-20201123-184084os
Published Aug 29, 2023
Tracked Since Feb 18, 2026