This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: SQL Injection in Web-School ERP 1.0. π **Consequences**: Full database compromise. Attackers can read, modify, or delete critical school data. The system integrity is completely broken.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **CWE-89**: SQL Injection. π **Flaw**: User inputs in `/SchoolERP/office_admin/` are not sanitized. Parameters like `groups_id`, `examname`, and `classes_id` are directly executed in SQL queries.
Q3Who is affected? (Versions/Components)
π’ **Vendor**: AROX SOLUTION (Web-School). π¦ **Product**: School ERP Pro+Responsive. π **Version**: Specifically **v1.0**. π **Target**: Indian Web-School ERP deployments.
Q4What can hackers do? (Privileges/Data)
π **Privileges**: Unauthenticated access (PR:N). π **Data**: High impact (C:H, I:H, A:H). Hackers can extract student records, financial vouchers (`es_voucherid`), and administrative credentials. Total data loss.
Q5Is exploitation threshold high? (Auth/Config)
β‘ **Threshold**: LOW. π« **Auth**: None required (PR:N). π±οΈ **UI**: None required (UI:N). π **Network**: Remote (AV:N). π **Complexity**: Low (AC:L). Easy to exploit via standard SQLi tools.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π **Exploit**: Public references exist (Incibe CERT). π **PoC**: Specific parameters identified (`groups_id`, `es_class`, etc.). π **Wild Exploitation**: Likely, given low complexity and no auth requirement.β¦
π **Check**: Scan for `/SchoolERP/office_admin/` endpoint. π§ͺ **Test**: Inject SQL payloads into `groups_id` or `examname`. π **Indicator**: Database errors or unexpected data retrieval in response.β¦
π₯ **Priority**: CRITICAL. π **CVSS**: 9.8 (High). β±οΈ **Urgency**: Immediate action required. No auth needed + High impact = Active threat. Patch or isolate immediately to prevent data breach.