CVE-2024-27709

CRITICAL

Eskooly Web Product <3.0 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component.

Scores

CVSS v3 9.8
EPSS 0.0064
EPSS Percentile 46.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Published Jul 05, 2024
Tracked Since Feb 18, 2026