SourceCodester Engineers Online Portal Admin Login SQL Injection
CVE-2024-0182

7.3 HIGH

Key Information:

Vendor
CVE Published: 1 January 2024

Summary

A SQL injection vulnerability has been identified in the admin login functionality of the SourceCodester Engineers Online Portal. The flaw allows an attacker to manipulate the username and password input parameters and thereby execute arbitrary SQL queries. It can be exploited remotely, enabling unauthorized users to gain access to sensitive information or perform actions without proper authorization. The issue highlights the importance of secure input validation and the risks of inadequate protections in web application development.

Affected Version(s)

Engineers Online Portal 1.0

News Articles

CVE-2024-0182 : SOURCECODESTER ENGINEERS ONLINE PORTAL 1.0 ADMIN LOGIN /ADMIN/ USERNAME/PASSWORD SQL INJECTION - Cloud WAF

CVE-2024-0182 : A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical.

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by prophaze.com

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)

Credit

Farish (VulDB User)