SQL Injection Vulnerability in Itsourcecode Construction Management System
CVE-2024-50971

7.2HIGH

Key Information:

Vendor: Angeljudesuarez
Status: Construction Management System
Vendor: CVE Published:; 13 November 2024

🔔 Create Angeljudesuarez Vulnerability Alert

What is CVE-2024-50971?

A SQL injection vulnerability has been identified in the print.php file of the Itsourcecode Construction Management System version 1.0. This flaw allows remote attackers to execute arbitrary SQL commands by manipulating the map_id parameter. Successful exploitation of this vulnerability could lead to unauthorized access to sensitive database information, posing significant security risks for affected installations. Users and administrators are advised to apply necessary security measures to safeguard their systems from potential exploitation.

References

https://itsourcecode.com/free-projects/php-project/constr...

https://github.com/Akhlak2511/CVE-2024-50971

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2024