SQL Injection Vulnerability in SourceCodester PHP Task Management System
CVE-2024-3222

8.8HIGH

Key Information:

Vendor: SourceCodester
Status: PHP Task Management System
Vendor: CVE Published:; 3 April 2024

Summary

A severe SQL injection vulnerability has been identified in the SourceCodester PHP Task Management System 1.0, specifically affecting the file responsible for managing password changes (admin-password-change.php). By manipulating the 'admin_id' parameter, an attacker can execute arbitrary SQL code in the database, potentially leading to unauthorized access, data leakage, or full system compromise. This exploit can be initiated remotely, exposing the application to significant risks. It is critical for users of this version to address the vulnerability promptly by applying any provided patches or implementing robust security measures.

References

https://vuldb.com/?id.259067

https://vuldb.com/?ctiid.259067

https://vuldb.com/?submit.308627

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2024