Unknown · Projectworlds Life Insurance Management System · CVE-2024-10734
**Name of the Vulnerable Software and Affected Versions**
Project Worlds Life Insurance Management System version 1.0
**Description**
A critical issue has been found in the system, affecting an unknown part of the file /editPayment.php. The manipulation of the `recipt no` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
**Recommendations**
As a temporary workaround, consider validating input sanitization for the `recipt no` argument in the /editPayment.php file until a patch is available.
Restrict access to the /editPayment.php file to minimize the risk of exploitation.
Patch the system immediately to prevent SQL injection attacks.