CVE-2024-12959

Name of the Vulnerable Software and Affected Versions 1000 Projects Portfolio Management System MCA version 1.0

Description A critical vulnerability was found in the 1000 Projects Portfolio Management System MCA. This issue affects the file /update personal details.php and can be exploited through the manipulation of the q argument, leading to SQL injection. The attack can be initiated remotely.

Recommendations For version 1.0, consider disabling access to the /update personal details.php file until a patch is available. As a temporary workaround, restrict the manipulation of the q argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.