SQL Injection Vulnerability in SourceCodester Petrol Pump Management Software
CVE-2024-2060
What is CVE-2024-2060?
A notable security flaw has been identified in the Petrol Pump Management Software developed by SourceCodester. This vulnerability occurs in the login process, particularly within the file located at /admin/app/login_crud.php. The issue arises from improper handling of the 'email' input parameter, which allows attackers to execute SQL injection attacks. This can result in unauthorized access to sensitive database information. The vulnerability can be exploited remotely, raising significant concerns for system administrators and users. It is crucial for affected users to apply mitigations and updates as soon as possible to safeguard their systems against potential threats.
Affected Version(s)
Petrol Pump Management Software 1.0
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved