SQL Injection Vulnerability in SourceCodester Computer Laboratory Management System
CVE-2024-3251

CVSS v3.1 Score: 8.8 (HIGH)

Key Information:

Vendor: SourceCodester
Product: Computer Laboratory Management System
CVE Published: 3 April 2024

Summary

A SQL injection vulnerability has been identified in SourceCodester's Computer Laboratory Management System version 1.0. The flaw lies in the administrative page '/admin/?page=borrow/view_borrow', which passes the 'id' request parameter into a database query without adequate validation or parameterisation. By supplying a crafted value for 'id', a remote attacker who can reach this page (the CVSS rating below assumes low privileges, i.e. a valid account, and no user interaction) can execute arbitrary SQL statements against the underlying database. The likely consequences are disclosure of data from any table the application's database user can read, unauthorized modification of records and, depending on the privileges granted to that database user, compromise of the host. The vulnerability is public knowledge, so organizations relying on this system for lab management should confirm whether they run the affected version and remediate promptly.
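The injectable pattern described above and its hardened counterpart, as an added illustration that is not code from the SourceCodester project: the table names, column names and sample rows are constructed assumptions, and the example uses Python with an in-memory SQLite database rather than the application's own stack so that it runs stand-alone. The vulnerable handler splices the raw 'id' parameter into the query text; the safe handler enforces the integer type and binds the value with a placeholder, so the same payloads are rejected before they reach the database.

```python
import sqlite3

# Constructed sample data standing in for the application's database.
# Table and column names are assumptions for illustration, not the real schema.
BORROW_ROWS = [
    (1, "alice", "Dell Latitude 5520", "returned"),
    (2, "bob", "Oscilloscope", "borrowed"),
    (3, "carol", "Raspberry Pi 4", "borrowed"),
]
USER_ROWS = [
    (1, "admin", "$2y$10$constructed.placeholder.hash"),
]


def make_db():
    """Build an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE borrow (id INTEGER PRIMARY KEY, borrower TEXT, item TEXT, status TEXT)"
    )
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany("INSERT INTO borrow VALUES (?, ?, ?, ?)", BORROW_ROWS)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USER_ROWS)
    conn.commit()
    return conn


def view_borrow_vulnerable(conn, id_param):
    """The injectable pattern: the raw request parameter is spliced into the SQL text."""
    sql = f"SELECT id, borrower, item, status FROM borrow WHERE id = {id_param}"
    return conn.execute(sql).fetchall()


def view_borrow_safe(conn, id_param):
    """Hardened lookup: enforce the integer type, then bind the value as a parameter."""
    try:
        record_id = int(id_param)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer") from None
    sql = "SELECT id, borrower, item, status FROM borrow WHERE id = ?"
    return conn.execute(sql, (record_id,)).fetchall()


# Payloads of the kind an attacker would place in the id parameter (constructed).
PAYLOAD_TAUTOLOGY = "1 OR 1=1"  # turns a single-record lookup into a full table dump
PAYLOAD_UNION = (  # pulls rows out of an unrelated table via UNION
    "0 UNION SELECT id, username, password_hash, 'x' FROM users"
)


def demo():
    """Run both handlers against a benign id and the two payloads; return the outcomes."""
    conn = make_db()
    results = {
        "vuln_benign": view_borrow_vulnerable(conn, "2"),
        "vuln_tautology": view_borrow_vulnerable(conn, PAYLOAD_TAUTOLOGY),
        "vuln_union": view_borrow_vulnerable(conn, PAYLOAD_UNION),
        "safe_benign": view_borrow_safe(conn, "2"),
    }
    try:
        view_borrow_safe(conn, PAYLOAD_TAUTOLOGY)
        results["safe_tautology"] = "accepted"
    except ValueError:
        results["safe_tautology"] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The UNION payload is the one to keep in mind when assessing impact: because the query runs with whatever privileges the application's database account holds, the leaked data is not limited to the borrow records the page is meant to show. The integer check in the safe handler is a defence-in-depth measure; the parameter binding alone is what removes the injection.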

CVSS V3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Score: 8.8
Severity: HIGH
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • Vulnerability published: 3 April 2024