SQL Injection Vulnerability in SourceCodester PHP Task Management System
CVE-2024-3221
Key Information:
- Vendor
- Sourcecodester
- Vendor
- CVE Published:
- 3 April 2024
Badges
Summary
A significant security vulnerability was identified in SourceCodester's PHP Task Management System version 1.0. This flaw resides within the 'attendance-info.php' file, where improper handling of the 'user_id' parameter can lead to SQL injection attacks. Such vulnerabilities can be exploited remotely, allowing unauthorized users to manipulate database queries and potentially expose sensitive information. The exploit for this vulnerability has been disclosed publicly, making it crucial for users and administrators to implement immediate security measures to mitigate the risk.
Affected Version(s)
PHP Task Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
CVSS V3.0
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published