SQL Injection Vulnerability in SourceCodester Best Employee Management System
CVE-2024-11212

8.8HIGH

Key Information:

Vendor: Mayurik
Status: Best Employee Management System
Vendor: CVE Published:; 14 November 2024

What is CVE-2024-11212?

A security flaw has been identified in the SourceCodester Best Employee Management System version 1.0, specifically within the file fetch_product_details.php. This vulnerability arises from improper handling of user input in the barcode argument, allowing for SQL injection attacks. An attacker could exploit this flaw remotely, potentially gaining unauthorized access to sensitive database information. Given that this vulnerability has already been disclosed publicly, immediate action is recommended to secure systems against potential exploitation.

References

https://vuldb.com/?id.284528

https://vuldb.com/?ctiid.284528

https://vuldb.com/?submit.442035

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2024

Mayurik

What is CVE-2024-11212?

References

CVSS V3.1

Timeline