CVE-2024-33968
Last modified
CVE-2024-33968 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter.. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Janobe | Credit Card | 1.0 |
| Janobe | Debit Card Payment | 1.0 |
| Janobe | Paypal | 1.0 |
| Janobe | School Attendence Monitoring System | 1.0 |
| Janobe | School Event Management System | 1.0 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-33968?
How severe is CVE-2024-33968?
How do I fix CVE-2024-33968?
Are you affected by CVE-2024-33968?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST