{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T04:49:23.593","vulnerabilities":[{"cve":{"id":"CVE-2020-10505","sourceIdentifier":"twcert@cert.org.tw","published":"2020-04-15T07:15:12.050","lastModified":"2024-11-21T04:55:29.700","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password."},{"lang":"es","value":"El sistema de gestión escolar antes de 2020, desarrollado por ALLE INFORMATION CO., LTD., Contiene una vulnerabilidad de inyección SQL, un atacante puede usar una cadena de consulta de inyección basada en unión para obtener el esquema de bases de datos y nombre de usuario / contraseña."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:the_school_manage_system_project:the_school_manage_system:-:*:*:*:*:*:*:*","matchCriteriaId":"6EAA067C-7930-48F8-8C95-497A19B2BD7E"}]}]}],"references":[{"url":"https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-3530-53d32-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.twcert.org.tw/tw/cp-132-3530-53d32-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}