PT-2024-17835 · Unknown · 1000 Projects Daily College Class Work Report Book
Alc9700 +1 · Published 2024-12-26 · Updated 2024-12-31 · CVE-2024-12964
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
1000 Projects Daily College Class Work Report Book version 1.0
Description
A critical issue has been found, affecting an unknown part of the file /login.php. The manipulation of the user argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Recommendations
For version 1.0, update to the latest version and implement input sanitization to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the /login.php file until the issue is resolved. Avoid using the user argument in the /login.php file until the issue is fixed.
Exploit
Fix
Special Elements Injection
SQL injection
Affected Products
1000 Projects Daily College Class Work Report Book