SQL Injection Vulnerability in 1000 Projects Library Management System
CVE-2024-12188

9.8CRITICAL

Key Information:

Vendor

1000 Projects

Status
Library Management System
Vendor
CVE Published:
5 December 2024
🔔 Create 1000 Projects Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2024-12188?

CVE-2024-12188 is a critical SQL injection vulnerability found in the 1000 Projects Library Management System version 1.0. The vulnerability resides in the file /brains/stu.php, where improper validation of the useri parameter allows attackers to execute arbitrary SQL commands remotely. This flaw exposes sensitive data and can lead to unauthorized access to the database. Due to public disclosure of this exploit, organizations must take immediate action to secure their installations and prevent potential breaches.

Affected Version(s)

Library Management System 1.0

References

https://vuldb.com/?id.286909
vdb-entrytechnical-description
https://vuldb.com/?ctiid.286909
signaturepermissions-required
https://vuldb.com/?submit.455061
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

Credit

SkGoing (VulDB User)
.