CVE-2024-0488

Name of the Vulnerable Software and Affected Versions code-projects Fighting Cock Information System version 1.0 Windows Event Log (affected versions not specified)

Description A critical issue has been identified, allowing for SQL injection through the manipulation of the type feed argument in the /admin/action/new-feed.php file. This can be initiated remotely. The issue affects an unknown part of the file and has been publicly disclosed, potentially allowing for exploitation. Additionally, a flaw in Windows Event Log could let attackers disrupt security systems, although it does not directly take over the system.

Recommendations For code-projects Fighting Cock Information System version 1.0, consider restricting access to the /admin/action/new-feed.php file and avoid using the type feed argument until a fix is available. For Windows Event Log, at the moment, there is no information about a newer version that contains a fix for this issue.