Event Management System Afflicted with SQL Injection

CVE-2024-44727
9.8CRITICAL

Key Information

Vendor
Sourcecodehero
Status
Event Management System
Vendor
CVE Published:
5 September 2024

Summary

Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

Collectors

NVD Database
.