SQL Injection Vulnerability in Inventory Management System by Code-Projects
CVE-2024-11250

9.8CRITICAL

Key Information:

Vendor: Code-projects
Status: Inventory Management
Vendor: CVE Published:; 15 November 2024

🔔 Create Code-projects Vulnerability Alert

What is CVE-2024-11250?

A vulnerability has been identified in the Inventory Management System developed by Code-Projects, specifically impacting version 1.0. The issue arises from improper validation of user input in the editProduct.php file, primarily in the handling of the 'id' parameter. This flaw opens the door to SQL injection attacks, enabling remote attackers to manipulate database queries. Successful exploitation could lead to unauthorized access to sensitive data or alteration of database records. As this vulnerability is publicly disclosed, immediate action is advisable to mitigate potential risks.

References

https://vuldb.com/?id.284686

https://vuldb.com/?ctiid.284686

https://vuldb.com/?submit.443272

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024