Remote Privilege Escalation and Sensitive Information Theft via Task ID Parameter in PHP Task Management System
CVE-2024-28613
9.8CRITICAL
What is CVE-2024-28613?
A vulnerability in the PHP Task Management System version 1.0 allows remote attackers to exploit SQL Injection through the task_id parameter of specific components such as task-details.php and edit-task.php. This exploitation can lead to unauthorized escalation of privileges and access to sensitive information within the system, posing a significant risk to data security and integrity.