SQL Injection Vulnerability in SourceCodester Complaints Report Management System by SourceCodester
CVE-2024-7199

8.8HIGH

Key Information:

Vendor: Oretnom23
Status: Complaints Report Management System
Vendor: CVE Published:; 29 July 2024

What is CVE-2024-7199?

A SQL injection vulnerability exists in the SourceCodester Complaints Report Management System version 1.0, specifically within the /admin/manage_user.php file. This vulnerability arises when unvalidated input is processed through the 'id' parameter, allowing attackers to manipulate SQL queries executed by the application. The potential for remote exploitation raises significant security concerns, as this flaw could lead to unauthorized access to sensitive data or control over the database. The vulnerability has been publicly disclosed, increasing the urgency for organizations using this software to implement necessary patches and enhance their security measures.

References

https://vuldb.com/?id.272620

https://vuldb.com/?ctiid.272620

https://vuldb.com/?submit.380421

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2024

Oretnom23

What is CVE-2024-7199?

References

CVSS V3.1

Timeline