CVE-2024-10427

Name of the Vulnerable Software and Affected Versions Codezips Pet Shop Management System version 1.0

Description A critical issue has been found in the system, affecting the /deleteanimal.php file, where the manipulation of the t1 argument leads to SQL injection. The attack can be initiated remotely. The issue affects the t1 parameter, initially thought to be refno, but further inspection revealed t1 as the affected parameter.

Recommendations For Codezips Pet Shop Management System version 1.0, as a temporary workaround, consider restricting access to the /deleteanimal.php file or disabling the manipulation of the t1 argument until a patch is available. Avoid using the t1 parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.