CVE-2020-36034: SQL Injection
First published: Fri Aug 11 2023(Updated: )
SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| School Faculty Scheduling System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-36034?
CVE-2020-36034 is considered a critical severity vulnerability due to its potential for remote code execution and privilege escalation.
How do I fix CVE-2020-36034?
To fix CVE-2020-36034, validate and sanitize all user inputs, especially the 'id' parameter in manage_user.php, to prevent SQL injection.
What types of systems are affected by CVE-2020-36034?
CVE-2020-36034 affects the School Faculty Scheduling System version 1.0.
What kind of attacks can be executed using CVE-2020-36034?
An attacker can exploit CVE-2020-36034 to execute arbitrary SQL commands, leading to unauthorized data access and privilege escalation.
Is there a patch available for CVE-2020-36034?
Currently, there is no official patch available for CVE-2020-36034, so immediate remediation through coding practices is necessary.
- agent/type
- agent/severity
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/weakness
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/school faculty scheduling system project
- canonical/school faculty scheduling system
- version/school faculty scheduling system/1.0