SQL Injection Vulnerability in Campcodes Online Laundry Management System
CVE-2024-4795

8.8HIGH

Key Information:

Vendor

Campcodes

Status
Online Laundry Management System
Vendor
CVE Published:
14 May 2024

Badges

👾 Exploit Exists

What is CVE-2024-4795?

A serious vulnerability exists in Campcodes Online Laundry Management System version 1.0, specifically related to improper handling of user input in the manage_user.php file. This flaw allows attackers to perform SQL injection attacks by manipulating the 'id' parameter, potentially gaining unauthorized access to the database and sensitive user data. The issue can be exploited remotely, making it critical for users to patch their systems immediately. Public disclosure of this vulnerability heightens the urgency to mitigate the risk, as it can be easily exploited by threat actors.

Affected Version(s)

Online Laundry Management System 1.0

References

https://vuldb.com/?id.263894
vdb-entrytechnical-description
https://vuldb.com/?ctiid.263894
signaturepermissions-required
https://vuldb.com/?submit.332537
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

yylm (VulDB User)
JSON
.