SQL Injection Vulnerability in Itsourcecode Construction Management System
CVE-2024-50972

7.2HIGH

Key Information:

Vendor: Angeljudesuarez
Status: Construction Management System
Vendor: CVE Published:; 13 November 2024

Summary

A significant SQL injection vulnerability exists within the printtool.php file of the Itsourcecode Construction Management System version 1.0. This vulnerability permits remote attackers to exploit the system by executing arbitrary SQL commands through the manipulation of the borrow_id parameter. As a result, unauthorized access to sensitive database information poses a serious security threat, necessitating prompt remediation actions by users of the affected system.

References

https://itsourcecode.com/free-projects/php-project/constr...

https://github.com/Akhlak2511/CVE-2024-50972

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2024