CVE-2024-24092

Name of the Vulnerable Software and Affected Versions Scholars Tracking System version 1.0

Description The issue allows attackers to run arbitrary code via the login.php endpoint. This is achieved through a SQL Injection attack, where an attacker can inject malicious SQL code to manipulate the database. The login.php endpoint is vulnerable to this type of attack, potentially allowing unauthorized access and data manipulation.

Recommendations For Scholars Tracking System version 1.0, consider disabling the login.php endpoint until a patch is available to prevent exploitation. Restrict access to the database to minimize the risk of data manipulation. Avoid using user-input data directly in SQL queries to prevent SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.