CVE-2024-0461 MEDIUM

CVE-2024-0461: code-projects Online Faculty Clearance HTTP POST Request deactivate.php sql injection

Vendor Code-Projects
Product Online Faculty Clearance
Weakness CWE-89 · SQLi
Published January 12, 2024
Last update June 17, 2025
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

January 12, 2024 CVE published
June 17, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-11691 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection CVE-2025-2511 AHAthat Plugin <= 1.6 - Authenticated (Administrator+) SQL Injection via id Parameter CVE-2025-8172 itsourcecode Employee Management System index.php sql injection CVE-2024-7857 Media Library Folders <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection CVE-2025-4936 projectworlds Online Food Ordering System admin-page.php sql injection