SQL Injection Vulnerability in SourceCodester Complaints Report Management System 1.0
CVE-2024-7198

8.8 HIGH

Key Information:

Vendor

Oretnom23

CVE Published:
29 July 2024

What is CVE-2024-7198?

A remote SQL injection vulnerability exists in the SourceCodester Complaints Report Management System 1.0, specifically affecting the /admin/manage_station.php file. An attacker can manipulate the 'id' parameter to execute arbitrary SQL queries on the database. This vulnerability compromises the integrity and confidentiality of the database by allowing unauthorized users to exploit the system from a remote location. It is essential for organizations using this software to implement necessary security patches and monitor their systems for any potential exploitation attempts, given that the details of the exploit have been publicly disclosed.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published