Vulnerability in SourceCodester Complaints Report Management System 1.0 Allows for Remote SQL Injection
CVE-2024-7196

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Complaints Report Management System
Vendor: CVE Published:; 29 July 2024

Summary

A vulnerability exists within the SourceCodester Complaints Report Management System version 1.0 that facilitates SQL injection attacks via the /admin/ajax.php?action=login endpoint. By manipulating the 'username' parameter, attackers can infiltrate the database remotely, exposing sensitive data and potentially compromising system integrity. The nature of this vulnerability has been publicly disclosed, highlighting its significance and the urgency for remediation measures to prevent exploitation.

References

https://vuldb.com/?id.272617

https://vuldb.com/?ctiid.272617

https://vuldb.com/?submit.380408

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 29, 2024