CVE-2024-57459 — HIGH (7.3)

Vulnerability Description

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Vishalmathur	Cloudclassroom-Php Project	1.0

Related Weaknesses (CWE)

CWE-89

References

https://gist.github.com/b0mk35h/921cfa00f9ea1af66645574537d38587Third Party Advisory
https://owasp.org/www-community/attacks/SQL_InjectionNot Applicable

FAQ

What is CVE-2024-57459?

CVE-2024-57459 is a vulnerability with a CVSS score of 7.3 (HIGH). A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject ...

How severe is CVE-2024-57459?

CVE-2024-57459 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-57459?

Check the references section above for vendor advisories and patch information. Affected products include: Vishalmathur Cloudclassroom-Php Project.