SQL Injection Vulnerability in SourceCodester Employee and Visitor Gate Pass Logging System
CVE-2024-9315

8.8 HIGH

Key Information:

Vendor:
CVE Published: 28 September 2024

Summary

A significant security flaw has been identified in the SourceCodester Employee and Visitor Gate Pass Logging System version 1.0. The issue arises from improper handling of input in the /admin/maintenance/manage_department.php file: the 'id' argument is used without adequate validation or parameterization, leading to a SQL injection vulnerability when that argument is manipulated. This class of vulnerability can allow attackers to execute arbitrary SQL queries, potentially exposing sensitive data or granting unauthorized access to the database. Because the attack can be carried out remotely, it poses a serious risk for organizations using this system. The exploit has been publicly disclosed, so it may be readily used by malicious actors, which makes prompt mitigation important.
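To illustrate the defect class named above, here is an added example in PHP (the language of the affected application); it is not code from the Employee and Visitor Gate Pass Logging System or from SourceCodester. The table and column names (departments, id, name), the function names and the use of PDO are assumptions. It places the injectable pattern, where a request parameter is concatenated into the SQL text, beside a hardened version that validates the id as an integer and binds it through a prepared statement.

```php
<?php
// Added illustrative example, not the project's code. Schema (departments/id/name),
// function names and the PDO connection are assumed for demonstration.

// UNSAFE pattern: the request parameter is spliced straight into the SQL text,
// so any quote or operator in $get['id'] becomes part of the query itself.
function load_department_unsafe(PDO $db, array $get): ?array
{
    $sql = "SELECT id, name FROM departments WHERE id = '" . ($get['id'] ?? '') . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HARDENED version: validate the parameter's type and range first, then bind it
// as an integer in a prepared statement so its value can never alter query structure.
function load_department_safe(PDO $db, array $get): ?array
{
    $id = filter_var(
        $get['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        // Reject non-numeric or out-of-range ids outright; a 400 plus a log line
        // here also gives defenders a simple signal of probing against this endpoint.
        http_response_code(400);
        error_log('manage_department: rejected non-integer id parameter');
        return null;
    }

    $stmt = $db->prepare('SELECT id, name FROM departments WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Example wiring for a request handler (connection details are placeholders).
// Disabling emulated prepares makes the database server, not the client library,
// handle parameter binding.
// $pdo = new PDO('mysql:host=localhost;dbname=gatepass', 'DB_USER', 'DB_PASSWORD', [
//     PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES   => false,
// ]);
// $department = load_department_safe($pdo, $_GET);
```

The validation step is deliberately kept in addition to the prepared statement: binding alone already prevents injection, but rejecting anything that is not a positive integer before touching the database narrows the input space, keeps error handling predictable and produces a log event that can feed detection.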

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published