SQL Injection Vulnerability in PuneethReddyHC Event Management Application
CVE-2024-3432
Key Information:
- Vendor
Puneethreddyhc
- Status
- Vendor
- CVE Published:
- 7 April 2024
Badges
What is CVE-2024-3432?
A serious SQL injection vulnerability has been identified in version 1.0 of the PuneethReddyHC Event Management application. This security flaw arises from improper handling of parameters within the backend file /backend/register.php, specifically affecting the inputs: event_id, full_name, email, mobile, college, and branch. The vulnerability allows attackers to execute malicious SQL queries remotely, potentially leading to unauthorized access to sensitive information stored in the application’s database. The vulnerability has been publicly disclosed and poses a significant risk due to the lack of response from the vendor upon notification. Organizations using this application are advised to implement immediate protective measures to mitigate this security risk.
Affected Version(s)
Event Management 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
CVSS V3.0
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved