CVE-2024-1831

Name of the Vulnerable Software and Affected Versions SourceCodester Complete File Management System version 1.0

Description A critical issue was found in the Login Form component of the affected software, specifically in the file users/index.php. The username argument is vulnerable to manipulation, which can lead to SQL injection when input like torada%27+or+%271%27+%3D+%271%27+--+- is used. This issue can be exploited remotely.

Recommendations For SourceCodester Complete File Management System version 1.0, consider disabling the Login Form component or restricting access to the users/index.php file until a patch is available. Avoid using the username argument in the affected login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.