QDocs Smart School Management System 7.0.0 SQL Injection Vulnerability (CVE-2024-8784) Advisory

Key Information Vulnerability Name: QDOCS SMART SCHOOL MANAGEMENT SYSTEM 7.0.0 Chat /USER/CHAT/MYNEWUSER USERS[] SQL INJECTION Vulnerability ID: VDB-277435 CVE-2024-8784 Affected Version: QDocs Smart School Management System 7.0.0 Vulnerability Description: CVSS Meta Temp Score: 5.7 CTI Interest Score: 5.17 Vulnerability Type: SQL Injection Affected Component: Chat Attack Vector: A SQL injection vulnerability exists in the Chat system of QDocs Smart School, allowing attackers to inject SQL code through the parameter in version 7.0.0. Discovery Date: March 8, 2024 Discloser: Jobyer Ahmed with Bytium Public Disclosure: Coordinated public disclosure with QDocs Vulnerability ID: CVE-2024-8784 Exploit Difficulty: The exploit appears relatively easy Public Exploit Available: Yes, public exploit available Technical Details: Technical details available Public Exploit Tool Available: Yes, public exploit tool available Remediation Recommendation: Upgrading to version 7.0.1 eliminates this vulnerability. The best mitigation is to upgrade to the latest version. Exploit Price: Current exploit price: $0–$5,000 Exploit Tool Source: GitHub.com Exploit Tool Type: PHP/SQL Exploit Tool Link: GitHub Exploit Tool Disclaimer: The exploit tool is declared as “proof-of-concept”. Exploit Tool Release Date: Not publicly released within at least 190 days Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit tool was not publicly released at the time of release Exploit Tool Release Status: The exploit

Goal Reached Thanks to every supporter — we hit 100%!

QDocs Smart School Management System 7.0.0 SQL Injection Vulnerability (CVE-2024-8784) Advisory