CVE-2024-0182

Name of the Vulnerable Software and Affected Versions SourceCodester Engineers Online Portal version 1.0

Description The issue is related to the lack of protection of the SQL query structure in the /admin/ component of the Admin Login feature. This allows a remote attacker to execute arbitrary SQL queries by manipulating the username and password arguments, leading to SQL injection. The attack can be launched remotely.

Recommendations For version 1.0, consider disabling the Admin Login feature until a patch is available to prevent exploitation. Restrict access to the /admin/ component to minimize the risk of exploitation. Avoid using the username and password arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.