SQL Injection Vulnerability in CampCodes Supplier Management System
CVE-2024-41551

9.8CRITICAL

Key Information:

Vendor: Campcodes
Status: Supplier Management System
Vendor: CVE Published:; 24 July 2024

What is CVE-2024-41551?

The CampCodes Supplier Management System version 1.0 exhibits a critical SQL injection vulnerability through the endpoint Supply_Management_System/admin/view_order_items.php?id=. This flaw allows potential attackers to manipulate SQL queries by injecting malicious code, which could lead to unauthorized access to sensitive data and manipulation of the database. Proper validation of input data is necessary to mitigate this risk and enhance the overall security posture of the system.

References

https://github.com/Chencihai/Chencihai/blob/main/cve/supp...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2024
Vulnerability Reserved
Jul 18, 2024

Campcodes

What is CVE-2024-41551?

References

CVSS V3.1

Timeline