SQL Injection Vulnerability in SourceCodester PHP Task Management System
CVE-2024-3221

8.8HIGH

Key Information:

Vendor
Sourcecodester
Status
PHP Task Management System
Vendor
CVE Published:
3 April 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A significant security vulnerability was identified in SourceCodester's PHP Task Management System version 1.0. This flaw resides within the 'attendance-info.php' file, where improper handling of the 'user_id' parameter can lead to SQL injection attacks. Such vulnerabilities can be exploited remotely, allowing unauthorized users to manipulate database queries and potentially expose sensitive information. The exploit for this vulnerability has been disclosed publicly, making it crucial for users and administrators to implement immediate security measures to mitigate the risk.

Affected Version(s)

PHP Task Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-3221 - Proof of Concept

References

https://vuldb.com/?id.259066
vdb-entrytechnical-description
https://vuldb.com/?ctiid.259066
signaturepermissions-required
https://vuldb.com/?submit.308626
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.