SQL Injection Vulnerability in SourceCodester Laundry Management System
CVE-2024-3445

9.8CRITICAL

Key Information:

Vendor
Sourcecodester
Status
Laundry Management System
Vendor
CVE Published:
8 April 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The SourceCodester Laundry Management System 1.0 is susceptible to a critical SQL injection vulnerability that allows attackers to manipulate the 'data_karyawan' parameter within the '/karyawan/laporan_filter' file. This flaw originates from insufficient input validation, enabling unauthorized users to execute arbitrary SQL commands, potentially compromising sensitive data. As this vulnerability can be exploited remotely, it poses a significant risk to systems using this outdated version. Organizations utilizing this software should implement immediate protective measures, including updating to the latest version or employing web application firewalls to mitigate risks.

Affected Version(s)

Laundry Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-3445 - Proof of Concept

References

https://vuldb.com/?id.259702
vdb-entrytechnical-description
https://vuldb.com/?ctiid.259702
signaturepermissions-required
https://vuldb.com/?submit.312296
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LI YU (VulDB User)
.