How severe is CVE-2024-4824?

CVE-2024-4824 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2024-4824

Name: school_erp_pro\+responsive
Author: arox

9.8CRITICAL

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. Th

Publicado: 5/14/2024Actualizado: 10/23/2025

Descripción

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.

Análisis IAImpulsado por IA

Productos Afectados

aroxschool_erp_pro\+responsive

1.0

Referencias

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-school-erp-proresponsive-arox-solution
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-school-erp-proresponsive-arox-solution
Third Party Advisory