First published: Mon Dec 14 2020
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Classroombookings Classroombookings | <2.4.1 | |
CVE-2020-35382 is a vulnerability that allows SQL injection in Classbooking before version 2.4.1 via the username field of a CSV file when adding a new user.
CVE-2020-35382 has a severity rating of 7.2 (High).
CVE-2020-35382 affects Classroombookings versions up to and excluding 2.4.1.
To fix CVE-2020-35382, you should update Classroombookings to version 2.4.1 or later.
You can find more information about CVE-2020-35382 on the GitHub issue page: https://github.com/craigrodway/classroombookings/issues/27