SQL Injection Vulnerability in 1000 Projects Attendance Tracking Management System
CVE-2024-12787

9.8CRITICAL

Key Information:

Vendor

1000 Projects

Status
Attendance Tracking Management System
Vendor
CVE Published:
19 December 2024
🔔 Create 1000 Projects Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2024-12787?

CVE-2024-12787 is a critical SQL injection vulnerability discovered in version 1.0 of the 1000 Projects Attendance Tracking Management System. The vulnerability resides in an unspecified functionality within the file '/student/check_student_login.php'. By manipulating the 'student_emailid' argument, an attacker can perform unauthorized SQL queries, potentially compromising the underlying database. This flaw can be exploited remotely, leading to severe data leaks or unauthorized access to sensitive information. The exploit has been publicly disclosed, emphasizing the urgent need for users of this platform to implement protective measures.

Affected Version(s)

Attendance Tracking Management System 1.0

References

https://vuldb.com/?id.288967
vdb-entrytechnical-description
https://vuldb.com/?ctiid.288967
signaturepermissions-required
https://vuldb.com/?submit.465082
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

AFK-cmd (VulDB User)
.