CVE-2017-16561

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1530%

EPSS Percentile7.37th

Published2017年11月7日

Last Modified2026年5月13日

Vulnerability Description

/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.

Affected Platforms (CPE)

📦

Ingenious School Management System Project

Ingenious School Management System

= 2.3.0

References & Advisories

🔗 https://www.exploit-db.com/exploits/43108/

相關漏洞威脅

CVE-2017-159578.8

my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.

CVE-2017-522610.0

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioc...

CVE-2017-772210.0

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ...

CVE-2017-796410.0

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote att...