SQL Injection Vulnerability in Sourcecodester Packers and Movers Management System
CVE-2024-48427

8.8HIGH

Key Information:

Vendor: Oretnom23
Status: Packers And Movers Management System
Vendor: CVE Published:; 24 October 2024

What is CVE-2024-48427?

The Packers and Movers Management System v1.0 by Sourcecodester contains a security vulnerability that permits remote authenticated users to execute arbitrary SQL commands. This SQL injection vulnerability can be exploited through manipulation of the id parameter in the URL path /mpms/admin/?page=services/manage_service&id, potentially allowing unauthorized access to sensitive data and impacting the integrity of the database.

References

https://www.sourcecodester.com/php/15360/packers-and-move...

https://github.com/vighneshnair7/CVE-2024-48427/blob/main...

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2024

Oretnom23

What is CVE-2024-48427?

References

EPSS Score

CVSS V3.1

Timeline