CVE-ID CVE-2024-27574

CVSSCORE 7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

DESCRIPTION:

SQL injection vulnerability in Trainme Academy Ichin v.1.3.2

A SQL injection vulnerability is identified in a lack of proper validation in data entry in one of the fields of the course management system. This allows an attacker to inject and execute SQL queries, compromising the security of over 200 databases and granting unauthorized access to sensitive information.

REFERENCES: https://owasp.org/Top10/es/A03_2021-Injection/

https://capec.mitre.org/data/definitions/66.html

Blind SQL injection is evident

The databases are evident.

Access to a database containing the access information of users including the administrator is evident.