SQL Injection Vulnerability in SourceCodester Tracking Monitoring Management System
CVE-2024-7362

9.8CRITICAL

Key Information:

Vendor: Oretnom23
Status: Tracking Monitoring Management System
Vendor: CVE Published:; 1 August 2024

What is CVE-2024-7362?

A notable vulnerability exists in the SourceCodester Tracking Monitoring Management System 1.0, allowing for SQL injection attacks via manipulation of the 'id' argument in the /manage_user.php file. This issue can be exploited remotely, potentially compromising sensitive data and system integrity. The public disclosure of this vulnerability indicates an urgent need for affected users to implement security measures to mitigate risks associated with unauthorized database access.

References

https://vuldb.com/?id.273341

https://vuldb.com/?ctiid.273341

https://vuldb.com/?submit.383497

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2024

Oretnom23

What is CVE-2024-7362?

References

CVSS V3.1

Timeline