SQL Injection Vulnerability in 1000 Projects Library Management System
CVE-2024-12188

9.8CRITICAL

Key Information:

Vendor

1000 Projects

Status
Library Management System
Vendor
CVE Published:
5 December 2024

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2024-12188?

CVE-2024-12188 is a critical SQL injection vulnerability found in the 1000 Projects Library Management System version 1.0. The vulnerability resides in the file /brains/stu.php, where improper validation of the useri parameter allows attackers to execute arbitrary SQL commands remotely. This flaw exposes sensitive data and can lead to unauthorized access to the database. Due to public disclosure of this exploit, organizations must take immediate action to secure their installations and prevent potential breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Library Management System 1.0

References

https://vuldb.com/?id.286909
vdb-entrytechnical-description
https://vuldb.com/?ctiid.286909
signaturepermissions-required
https://vuldb.com/?submit.455061
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

Credit

SkGoing (VulDB User)
JSON
.