SQL Injection Vulnerability in SourceCodester Tracking Monitoring Management System
CVE-2024-7363

9.8CRITICAL

Key Information:

Vendor

Oretnom23

Vendor
CVE Published:
1 August 2024

What is CVE-2024-7363?

A vulnerability has been identified in the SourceCodester Tracking Monitoring Management System version 1.0, specifically in the /manage_person.php file, where improper validation of the 'id' argument can be exploited through SQL injection. This allows remote attackers to manipulate the database and potentially execute unauthorized commands, which can compromise the integrity and confidentiality of the data. The exploit has been publicly disclosed, indicating that immediate action is necessary to mitigate potential threats.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.