SQL Injection Vulnerability in SourceCodester Employee Management System
CVE-2024-1833

9.8CRITICAL

Key Information:

Vendor
Sourcecodester
Status
Employee Management System
Vendor
CVE Published:
23 February 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A security vulnerability has been identified in the SourceCodester Employee Management System version 1.0, related to the file /Account/login.php. This vulnerability allows attackers to manipulate the txtusername parameter, enabling SQL injection attacks. Such an attack can be executed remotely, potentially compromising the application's database and sensitive user information. The details of this exploitation have been made public, heightening concerns for users of the affected system. It is crucial for organizations using this product to implement necessary security measures to mitigate this risk and protect their data.

Affected Version(s)

Employee Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-1833 - Proof of Concept

References

https://vuldb.com/?id.254624
vdb-entrytechnical-description
https://vuldb.com/?ctiid.254624
signaturepermissions-required
https://github.com/xiahao90/CVEproject/blob/main/xiahao.w...
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

webray.com.cn (VulDB User)
.