SQL Injection Vulnerability in SourceCodester Online Graduate Tracer System
CVE-2024-7845

7.5HIGH

Key Information:

Vendor: SourceCodester
Status: Online Graduate Tracer System
Vendor: CVE Published:; 16 August 2024

Summary

A significant security flaw has been identified in the SourceCodester Online Graduate Tracer System 1.0, specifically within the file /tracking/admin/fetch_it.php. This vulnerability allows remote attackers to execute SQL injection attacks by manipulating the 'request' argument. If exploited, attackers could gain unauthorized access to the database, compromising sensitive user data and system integrity. The vulnerability has been publicly disclosed, making it imperative for users of this system to take immediate action to secure their applications against potential exploitation.

References

https://vuldb.com/?id.274748

https://vuldb.com/?ctiid.274748

https://vuldb.com/?submit.391606

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 16, 2024

Collectors

NVD Database