CVE-2024-12942

Name of the Vulnerable Software and Affected Versions 1000 Projects Portfolio Management System MCA version 1.0

Description A critical issue has been identified, allowing for SQL injection through the manipulation of the username and password arguments in an unknown function of the file /admin/admin login.php. This can be exploited remotely. The exploit has been publicly disclosed.

Recommendations For 1000 Projects Portfolio Management System MCA version 1.0, consider disabling the affected function in /admin/admin login.php to prevent SQL injection attacks until a patch is available. Restrict access to the /admin/admin login.php file to minimize the risk of exploitation. Avoid using the username and password arguments in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.