CVE-2017-16561

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1530%

EPSS Percentile7.37th

Published2017年11月7日

Last Modified2026年5月13日

Vulnerability Description

/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.

Affected Platforms (CPE)

📦

Ingenious School Management System Project

Ingenious School Management System

= 2.3.0

References & Advisories

🔗 https://www.exploit-db.com/exploits/43108/

関連する脆弱性情報

CVE-2017-159578.8

my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.

CVE-2017-379110.0

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication ...

CVE-2017-1091210.0

Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.

CVE-2017-1092010.0

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a G...