Campcodes Supplier Management System Vulnerable to SQL Injection
CVE-2024-8344

8.8HIGH

Key Information:

Vendor: Campcodes
Status: Supplier Management System
Vendor: CVE Published:; 30 August 2024

What is CVE-2024-8344?

A vulnerability exists in the Campcodes Supplier Management System version 1.0, specifically within the /admin/edit_area.php file. An attacker can exploit this flaw through input manipulation on the 'id' argument, leading to SQL injection attacks. This allows unauthorized users to access and potentially alter sensitive database information remotely. The exploit has been publicly disclosed, heightening the risk of its occurrence.

References

https://vuldb.com/?id.276223

https://vuldb.com/?ctiid.276223

https://vuldb.com/?submit.400185

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2024