CVE-2024-54922

HIGH

kashipara E-learning Management System v1.0 - SQL Injection via edit_user.php Parameters

Title source: llm
STIX 2.1

Description

A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.

Scores

CVSS v3 7.2
EPSS 0.0055
EPSS Percentile 42.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
lopalopa/e-learning_management_system 1.0
Published Dec 09, 2024
Tracked Since Feb 18, 2026