SQL Injection Vulnerability in code-projects University Event Management System
CVE-2024-10700

9.8CRITICAL

Key Information:

Vendor: Code-projects
Status: University Event Management System
Vendor: CVE Published:; 2 November 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A significant SQL injection vulnerability has been identified in the University Event Management System, version 1.0, developed by code-projects. This vulnerability resides in the handling of user input within the submit.php file, specifically in parameters such as name, email, title, Year, gender, fromdate, todate, and people. Attackers can exploit this weakness remotely, potentially allowing for unauthorized access to sensitive information. While initial reports focused on the 'name' parameter, it is crucial to recognize that various other parameters are similarly vulnerable. This vulnerability has been publicly disclosed, increasing the risk of exploitation, making it essential for users of this system to implement immediate security measures or updates to safeguard against potential attacks.

Affected Version(s)

University Event Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-10700 - Proof of Concept