PT-2024-17226 · Unknown · 1000 Projects Portfolio Management System Mca

Zdwf-Klm · Published 2024-11-26 · Updated 2024-12-03 · CVE-2024-11744

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

1000 Projects Portfolio Management System MCA version 1.0

Description

A critical issue has been found in the /register.php file, affecting an unknown functionality. Manipulating the name argument leads to SQL injection. This can be exploited remotely. Other parameters might also be affected.

Recommendations

For version 1.0, patch immediately and validate input to prevent SQL injection. As a temporary workaround, consider restricting access to the /register.php file until a patch is available. Avoid using potentially vulnerable parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-11744

Affected Products

1000 Projects Portfolio Management System Mca