Vulnerability Description
SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| School Faculty Scheduling System Project | School Faculty Scheduling System | 1.0 |
Related Weaknesses (CWE)
References
- https://github.com/TCSWT/School-Faculty-Scheduling-SystemExploitThird Party Advisory
- https://www.sourcecodester.com/download-code?nid=14535&title=School+Faculty+ScheProduct
- https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-Product
- https://github.com/TCSWT/School-Faculty-Scheduling-SystemExploitThird Party Advisory
- https://www.sourcecodester.com/download-code?nid=14535&title=School+Faculty+ScheProduct
- https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-Product
FAQ
What is CVE-2020-36034?
CVE-2020-36034 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafte...
How severe is CVE-2020-36034?
CVE-2020-36034 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-36034?
Check the references section above for vendor advisories and patch information. Affected products include: School Faculty Scheduling System Project School Faculty Scheduling System.