CVE-2024-2264

Name of the Vulnerable Software and Affected Versions keerti1924 PHP-MYSQL-User-Login-System version 1.0

Description The issue is related to the lack of protection against SQL query structure exploitation in the /login.php component of the user registration and login system. This can allow a remote attacker to gain unauthorized access to the application. The manipulation of the email argument leads to SQL injection. The attack can be launched remotely.

Recommendations For keerti1924 PHP-MYSQL-User-Login-System version 1.0, consider disabling the /login.php component until a patch is available to prevent SQL injection attacks. Restrict access to the email argument in the /login.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.