SQL Injection in Code-Projects Simple Ticket Booking Login Functionality
CVE-2024-6745

9.8CRITICAL

Key Information:

Vendor: code-projects
Status: Simple Ticket Booking
Vendor: CVE Published:; 15 July 2024

🔔 Create code-projects Vulnerability Alert

What is CVE-2024-6745?

A significant SQL injection vulnerability is present in the Simple Ticket Booking application, specifically within the login mechanism located in the adminauthenticate.php file. This flaw is triggered by improper handling of input arguments such as email and password, allowing attackers to manipulate SQL queries executed by the application. Due to the nature of this vulnerability, remote exploitation is possible, putting user data and system integrity at risk. Immediate attention and remediation measures are crucial to mitigate potential attacks, as the exploit has already been publicly disclosed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://vuldb.com/?id.271476

https://vuldb.com/?ctiid.271476

https://vuldb.com/?submit.374770

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2024

JSON

code-projects

What is CVE-2024-6745?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.