SQL Injection Vulnerability in SourceCodester Task Progress Tracker
CVE-2024-7792

8.8HIGH

Key Information:

Vendor: SourceCodester
Status: Task Progress Tracker
Vendor: CVE Published:; 14 August 2024

Summary

A serious SQL injection vulnerability has been identified in SourceCodester Task Progress Tracker version 1.0, specifically within the /endpoint/delete-task.php file. This vulnerability allows remote attackers to manipulate the 'task' parameter, potentially leading to unauthorized access and database exploitation. With the exploit now public, it poses a significant risk to users running the affected version. It is crucial for organizations utilizing this software to implement immediate protective measures, including updates or mitigations, to avert potential data breaches and maintain their security posture.

References

https://vuldb.com/?id.274560

https://vuldb.com/?ctiid.274560

https://vuldb.com/?submit.389360

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2024