CVE-2024-10380

Name of the Vulnerable Software and Affected Versions SourceCodester Petrol Pump Management Software version 1.0

Description A critical issue has been found in the software, affecting some unknown functionality of the file /admin/ajax product.php. The manipulation of the drop services argument leads to sql injection. The attack may be launched remotely.

Recommendations For SourceCodester Petrol Pump Management Software version 1.0, consider restricting access to the /admin/ajax product.php file until a patch is available. As a temporary workaround, avoid using the drop services argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.