Vulnerability Description
Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schoolbox | Schoolbox | < 23.1.3 |
Related Weaknesses (CWE)
References
- https://schoolbox.education/Product
- https://www.themissinglink.com.au/security-advisories/cve-2024-28094Third Party Advisory
- https://schoolbox.education/Product
- https://www.themissinglink.com.au/security-advisories/cve-2024-28094Third Party Advisory
FAQ
What is CVE-2024-28094?
CVE-2024-28094 is a vulnerability with a CVSS score of 8.8 (HIGH). Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records.
How severe is CVE-2024-28094?
CVE-2024-28094 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-28094?
Check the references section above for vendor advisories and patch information. Affected products include: Schoolbox Schoolbox.