What the vulnerability does
01Description
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:L
What the vulnerability does
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
Explanation of Vulnerability in Simple Terms
Attendance Manager versions up to 0.6.2 contain a SQL injection vulnerability in a network-accessible function that requires user authentication and victim interaction. An attacker with low-privilege access can craft malicious input to extract sensitive data from the database. The vulnerability also impacts system availability.
What an attacker can do
Extract sensitive data from the database by injecting SQL commands through user input.
Potential impact on your site
Unauthorized database access and potential data theft affecting all users; site performance may degrade.
Conditions required to exploit
Attacker must have a low-privilege user account and trick a victim into clicking a malicious link or visiting a crafted page.
Key dates
External resources
Related vulnerabilities