CVE-2024-28094

HIGH

Schoolbox < 23.1.3 - Authenticated Blind SQL Injection in Chat Functionality

Title source: llm
STIX 2.1

Description

Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records.

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0055
EPSS Percentile 42.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
schoolbox/schoolbox < 23.1.3
Published Mar 07, 2024
Tracked Since Feb 18, 2026