SQL Injection Vulnerability in itsourcecode Loan Management System Login Page
CVE-2024-6192

9.8CRITICAL

Key Information:

Vendor: Angeljudesuarez
Status: Loan Management System
Vendor: CVE Published:; 20 June 2024

🔔 Create Angeljudesuarez Vulnerability Alert

What is CVE-2024-6192?

A vulnerability exists in the itsourcecode Loan Management System 1.0 that can be exploited through the login page's handling of user input in the username field. Specifically, the login.php file is susceptible to SQL injection attacks. Attackers can manipulate the input to execute arbitrary SQL commands, potentially gaining unauthorized access to the database and sensitive data. This vulnerability can be triggered remotely, posing significant risks to data integrity and confidentiality. The exploit has been publicly disclosed and represents a substantial security concern for users of the affected product.

References

https://vuldb.com/?id.269164

https://vuldb.com/?ctiid.269164

https://vuldb.com/?submit.359017

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2024

JSON