SQL Injection Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System
CVE-2024-5895

9.8CRITICAL

Key Information:

Vendor: Oretnom23
Status: Employee And Visitor Gate Pass Logging System
Vendor: CVE Published:; 12 June 2024

What is CVE-2024-5895?

A critical vulnerability has been identified in the SourceCodester Employee and Visitor Gate Pass Logging System version 1.0. The vulnerability resides in the delete_users function found in the file /classes/Users.php?f=delete. An attacker can exploit this flaw by manipulating the 'id' argument, leading to a SQL injection attack. This type of vulnerability allows unauthorized access to sensitive data, potentially compromising user information and system functionality. Since the exploit can be initiated remotely, it poses an immediate risk to any system utilizing this software. Publicly disclosed details amplify the urgency for organizations to patch their systems and safeguard against potential breaches.

References

https://vuldb.com/?id.268139

https://vuldb.com/?ctiid.268139

https://vuldb.com/?submit.354915

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2024

Oretnom23

What is CVE-2024-5895?

References

CVSS V3.1

Timeline