COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2021-3262

CVE-2021-3262

Severity
critical
Source
NVD · cve
Published
2023-08-29
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-3262
shame 35/100

TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Inform

Players implicated

trispark · vendornovusedu · productveo transportation · product

Description

TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.