Remote Privilege Escalation and Sensitive Information Theft via Task ID Parameter in PHP Task Management System
CVE-2024-28613

9.8CRITICAL

Key Information:

Vendor
PHP Task Management System
Status
PHP Task Management System
Vendor
CVE Published:
24 April 2024

Summary

A vulnerability in the PHP Task Management System version 1.0 allows remote attackers to exploit SQL Injection through the task_id parameter of specific components such as task-details.php and edit-task.php. This exploitation can lead to unauthorized escalation of privileges and access to sensitive information within the system, posing a significant risk to data security and integrity.

References

https://www.sourcecodester.com/php/17217/employee-managem...
https://github.com/hakkitoklu/hunt/blob/main/PHP%20Task%2...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.