Cyber Posture

CVE-2024-57401

Critical

Published: 20 February 2025
Modified: 15 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0440 (89.1st percentile)
Risk Priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function.

Security Summary

CVE-2024-57401, published on 2025-02-20, is a SQL injection vulnerability in Uniclare Student Portal version 2 and earlier, catalogued here under CWE-94. The flaw is in the Forgot Password function and allows a remote attacker to execute arbitrary code.

With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is rated critical: it is reachable over the network, has low attack complexity, requires no privileges or user interaction, and has high impact on confidentiality, integrity, and availability. An unauthenticated remote attacker can therefore execute arbitrary code on the affected system without any prior access.

Mitigation details and further information are available in the referenced advisory at https://github.com/aksingh82/CVE-2024-57401 and on the vendor's site for the affected software at https://studentportal.universitysolutions.in/.

Details

CWE(s)
CWE-94

References