CVE-2017-16561

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1530%

EPSS Percentile7.37th

PublishedNov 7, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.

Affected Platforms (CPE)

📦

Ingenious School Management System Project

Ingenious School Management System

= 2.3.0

References & Advisories

🔗 https://www.exploit-db.com/exploits/43108/

Related Vulnerabilities

CVE-2017-159578.8

my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.

CVE-2017-278510.0

An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially cra...

CVE-2017-278810.0

A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet ...

CVE-2017-522610.0

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioc...