PT-2024-17273 · Unknown · 1000 Projects Portfolio Management System Mca

Wackymaker

Published

2024-11-26

Updated

2024-12-03

CVE-2024-11819

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 1000 Projects Portfolio Management System MCA version 1.0

Description A critical issue has been found in the code of the /forgot password process.php file. The manipulation of the username argument leads to a SQL injection. The attack can be initiated remotely.

Recommendations For version 1.0, consider disabling the /forgot password process.php file until a patch is available to prevent SQL injection attacks by manipulating the username argument. Restrict access to this file to minimize the risk of exploitation. Avoid using the username argument in the affected file until the issue is resolved.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2024-11819

Affected Products

1000 Projects Portfolio Management System Mca

PT-2024-17273 · Unknown · 1000 Projects Portfolio Management System Mca

CVE-2024-11819

Weakness Enumeration

Related Identifiers

Affected Products

References · 8