Event Management System Afflicted with SQL Injection
CVE-2024-44727

9.8CRITICAL

Key Information:

Vendor
Sourcecodehero
Status
Event Management System
Vendor
CVE Published:
5 September 2024

Summary

The Sourcecodehero Event Management System version 1.0 is exposed to a SQL Injection vulnerability due to inadequate input validation for the 'username' parameter in the /event/admin/login.php script. This flaw allows an attacker to manipulate SQL queries executed by the application, potentially leading to unauthorized access, data leakage, or manipulation of sensitive data within the database. Applications utilizing this system should implement proper sanitization measures and consider immediate updates or remediation to mitigate the associated risks.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.