Remote Code Execution Vulnerability in Travel management System
CVE-2024-51326

7.5HIGH

Key Information:

Vendor: projectworlds
Status: Travel Management System
Vendor: CVE Published:; 4 November 2024

🔔 Create projectworlds Vulnerability Alert

What is CVE-2024-51326?

An SQL Injection vulnerability exists in ProjectWorlds' Travel Management System version 1.0, specifically within the 't2' parameter of the deletesubcategory.php file. This security flaw allows remote attackers to manipulate database queries by injecting malicious SQL code, potentially leading to unauthorized access, data exfiltration, or even remote code execution. Organizations utilizing this software should prioritize applying necessary security measures and patches to mitigate the risks associated with this vulnerability.

References

https://projectworlds.in/

https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51326...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2024