SQL Injection Vulnerability in SourceCodester School Intramurals Student Attendance Management System
CVE-2024-5378

9.8CRITICAL

Key Information:

Vendor
Sourcecodester
Status
School Intramurals Student Attendance Management System
Vendor
CVE Published:
26 May 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A critical vulnerability has been identified in version 1.0 of the SourceCodester School Intramurals Student Attendance Management System, specifically in the file manage_sy.php. This vulnerability allows an attacker to perform SQL injection through the manipulation of the 'id' argument. The exploitation can be executed remotely, posing significant risks to the integrity and security of the database and user data. As the exploit has been publicly disclosed, immediate action is recommended to mitigate potential attacks. Users of the affected product should assess their systems and implement necessary security measures to protect against unauthorized access and data breaches.

Affected Version(s)

School Intramurals Student Attendance Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-5378 - Proof of Concept

References

https://vuldb.com/?id.266290
vdb-entrytechnical-description
https://vuldb.com/?ctiid.266290
signaturepermissions-required
https://vuldb.com/?submit.344411
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

G_GX (VulDB User)
.