关键漏洞信息 Summary CVE ID: CVE-2024-2945 受影响系统: Campcodes Online Examination System 1.0 受影响文件: 漏洞类型: SQL Injection 漏洞严重性: Critical 攻击方式: Remote Details CWE: CWE-89 影响: - Confidentiality - Integrity - Availability 易受攻击性: Attack is easy to execute remotely 技术细节: - Product constructs all or part of an SQL command using externally-influenced input from an upstream component. - Input is not neutralized or incorrectly neutralizes special elements. 存在问题的参数: ID 已有解决方法: - Public exploit is shared for download at github.com. - Proof-of-concept exploit exists. Additional Info 攻击技战术: MITRE ATT&CK T1505 搜索方式: Google hacking with the query 建议措施: No countermeasures known, suggest replacing the affected object with an alternative product.