CVE-2024-7220

medium

Description

A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/print_barcode.php. The manipulation of the argument tbl results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

References

Advisories
Exploits

https://vuldb.com/?submit.380427

https://vuldb.com/?id.272791

https://vuldb.com/?ctiid.272791

https://gist.github.com/topsky979/5cd0b6a43815a0615b8493cde5c4dacf

Details

Source: Mitre, NVD

Published: 2024-07-30

Updated: 2025-09-01

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00178