CVE-2024-24495

Name of the Vulnerable Software and Affected Versions Daily Habit Tracker version 1.0

Description The issue allows a remote attacker to execute arbitrary code via a crafted GET request. This is due to a SQL Injection vulnerability in the delete-tracker.php file.

Recommendations For Daily Habit Tracker version 1.0, consider disabling the delete-tracker.php file until a patch is available to prevent exploitation. Restrict access to this file to minimize the risk of arbitrary code execution. Avoid using crafted GET requests to the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.