Event Management System Afflicted with SQL Injection
CVE-2024-44727
9.8CRITICAL
Key Information:
- Vendor
- Sourcecodehero
- Status
- Event Management System
- Vendor
- CVE Published:
- 5 September 2024
Summary
The Sourcecodehero Event Management System version 1.0 is exposed to a SQL Injection vulnerability due to inadequate input validation for the 'username' parameter in the /event/admin/login.php script. This flaw allows an attacker to manipulate SQL queries executed by the application, potentially leading to unauthorized access, data leakage, or manipulation of sensitive data within the database. Applications utilizing this system should implement proper sanitization measures and consider immediate updates or remediation to mitigate the associated risks.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published