SQL Injection Vulnerability in CodeAstro Complaint Management System
CVE-2024-55509

9.8CRITICAL

Key Information:

Vendor: CodeAstro
Status: Complaint Management System
Vendor: CVE Published:; 20 December 2024

What is CVE-2024-55509?

CVE-2024-55509 is a high-severity SQL injection vulnerability found in version 1.0 of the CodeAstro Complaint Management System. This flaw allows remote attackers to manipulate the id parameter in delete.php, which can result in arbitrary code execution and escalation of privileges. Due to its exploitability, organizations using this software are urged to apply security patches immediately to mitigate potential risks associated with this vulnerability.

References

https://github.com/prithivilakshmanan/CSV/blob/main/CVE-2...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2024