Kashipara Dynamic Lab Management System admin_login_process.php sql injection
CVE-2024-0306
Key Information:
- Vendor
Kashipara
- Vendor
- CVE Published:
- 8 January 2024
Badges
What is CVE-2024-0306?
A significant SQL injection vulnerability exists in Kashipara's Dynamic Lab Management System, particularly affecting the /admin/admin_login_process.php file. This flaw arises from insufficient validation of the 'admin_password' argument, allowing attackers to potentially execute arbitrary SQL commands remotely. The exploit has been publicized, raising concerns over the safety of environments utilizing this system. Users and administrators of affected versions should prioritize immediate action to mitigate this security risk.
Affected Version(s)
Dynamic Lab Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
CVSS V3.0
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved