← Back to CVEs
CVE-2024-37840
HIGH8.8
Description
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published6/17/2024
Last Modified6/10/2025
Sourcenvd
Honeypot Sightings0
Affected Products
itsourcecode:learning_management_system
Weaknesses (CWE)
CWE-89
References
https://github.com/ganzhi-qcy/cve/issues/4(cve@mitre.org)
https://github.com/ganzhi-qcy/cve/issues/4(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.