SQL Injection Vulnerability in Sourcecodester Library Management System
CVE-2024-40402

Currently unrated

Key Information:

CVE Published: 17 July 2024

Summary

A SQL injection vulnerability exists in the 'ajax.php' file of the Sourcecodester Simple Library Management System version 1.0. This flaw results from inadequate validation of user inputs, specifically within the 'username' parameter. By exploiting this vulnerability, an attacker can execute arbitrary SQL commands, potentially accessing or manipulating sensitive data in the database. Proper sanitization and validation of user inputs are necessary to mitigate this risk and protect against unauthorized data access.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
