CVE-2024-0389: SourceCodester Student Attendance System attendance_report.php sql injection
Description
A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. Affected is an unknown function of the file attendance_report.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250230 is the identifier assigned to this vulnerability. Es wurde eine Schwachstelle in SourceCodester Student Attendance System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei attendance_report.php. Mit der Manipulation des Arguments class_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2024-0389
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.3
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Problem Types
CWE-89 SQL InjectionAffected Products
Vendor: SourceCodester
Product: Student Attendance System
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.31% (probability of being exploited)
EPSS Percentile: 53.45% (scored less or equal to compared to others)
EPSS Date: 2025-06-07 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-0389https://vuldb.com/?id.250230
https://vuldb.com/?ctiid.250230
https://drive.google.com/file/d/1Vi-IGjAZbitDqEvmd9ONrxE0MgB8-v1I/view?usp=sharing