SQL Injection Vulnerability in SourceCodester Internship Portal Management System
CVE-2024-3252

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Internship Portal Management System
Vendor: CVE Published:; 3 April 2024

Summary

A significant security flaw has been identified in SourceCodester's Internship Portal Management System version 1.0, specifically located in the admin panel's authentication process. The vulnerability arises from improper handling of username and password inputs within the admin/check_admin.php file, allowing attackers to execute SQL injection attacks. This type of attack can be leveraged remotely, making it imperative for users of this software to implement urgent security measures. As the exploit is publicly disclosed, the risks associated with this vulnerability are heightened, necessitating immediate attention from system administrators to protect sensitive data.

References

https://vuldb.com/?id.259101

https://vuldb.com/?ctiid.259101

https://vuldb.com/?submit.309212

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 3, 2024