PT-2024-16475 · Unknown · Code-Projects University Event Management System

Phila · Published 2024-11-02 · Updated 2024-11-05 · CVE-2024-10700

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

code-projects University Event Management System version 1.0

Description

A critical issue has been found in the code-projects University Event Management System, affecting the file submit.php. The manipulation of the arguments name, email, title, Year, gender, fromdate, todate, and people leads to SQL injection. The attack can be initiated remotely. It is assumed that a variety of parameters is affected, not just the initially mentioned name parameter.

Recommendations

For code-projects University Event Management System version 1.0, as a temporary workaround, consider restricting access to the submit.php file until a patch is available. Avoid using the parameters name, email, title, Year, gender, fromdate, todate, and people in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Neutralization

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-10700

Affected Products

Code-Projects University Event Management System