CVE-2024-35354 | Diño Physics School Assistant 2.3 Master.php id sql injection

Posted by Angelo Barbosa | May 30, 2024 | CVE

A vulnerability classified as critical has been found in Diño Physics School Assistant 2.3. Affected is an unknown function of the file /classes/Master.php?f=save_category. The manipulation of the argument id leads to sql injection.

This vulnerability is traded as CVE-2024-35354. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-35354 | Diño Physics School Assistant 2.3 Master.php id sql injection

Related Posts

CVE-2023-52193 | Live Composer Team Page Builder Plugin up to 1.5.23 on WordPress cross site scripting

CVE-2024-31745 | Libdwarf 0.9.1 /libdwarf/dwarf_alloc.c dw_empty_errlist_item use after free

CVE-2024-6853 | WP MultiTasking Plugin up to 0.1.12 on WordPress Popup cross-site request forgery

CVE-2024-36782 | Totolink CP300 2.0.4-B202 /etc/shadow.sample hard-coded password