PT-2024-22392 · Unknown · Puneethreddyhc Event Management

Sospiro · Published 2024-04-26 · Updated 2025-05-14 · CVE-2024-28322

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PuneethReddyHC Event Management version 1.0

Description
The issue allows attackers to run arbitrary SQL commands via the event id parameter in a crafted POST request to the "/event-management-master/backend/register.php" API endpoint. This enables attackers to potentially extract or modify sensitive data.

Recommendations
For version 1.0, consider disabling the event id parameter in the "/event-management-master/backend/register.php" API endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Do not send the event id parameter in POST requests to this endpoint until the issue is resolved.
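The root cause class described above (a request parameter spliced into SQL text) and its standard fix can be illustrated with a small PHP example. This is an added, hypothetical reconstruction of how an event lookup in a register.php-style endpoint goes wrong and how to harden it; it is not the project's code, and the table name `events`, the column names, the parameter name `event_id` and the `$pdo` connection are all assumptions.

```php
<?php
// Added example, not the project's code. Assumes a PDO connection $pdo to a
// MySQL database with an `events` table (integer primary key `id`, text `name`).

// Vulnerable pattern: the POST value is concatenated into the SQL string, so
// any input containing quote characters or SQL syntax changes the query's
// structure instead of being treated as the event id value.
function find_event_vulnerable(PDO $pdo, array $post): ?array
{
    $id  = $post['event_id'] ?? '';
    $sql = "SELECT id, name FROM events WHERE id = '$id'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened pattern: validate the parameter's type first, then pass it to the
// database as a bound value so it can only ever be interpreted as data.
function find_event_safe(PDO $pdo, array $post): ?array
{
    // FILTER_VALIDATE_INT rejects non-numeric strings, leading/trailing junk,
    // and (via min_range) zero or negative ids; a missing key yields false too.
    $id = filter_var(
        $post['event_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400);   // reject the request instead of guessing
        return null;
    }

    $stmt = $pdo->prepare('SELECT id, name FROM events WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);   // bound as an integer, never as SQL text
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Example wiring for the endpoint (assumed connection string and credentials).
// $pdo = new PDO('mysql:host=localhost;dbname=event_management', 'user', 'password',
//                [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
//                 PDO::ATTR_EMULATE_PREPARES => false]);  // use real server-side prepares
// $event = find_event_safe($pdo, $_POST);
```

Disabling emulated prepares (as in the commented wiring) makes the driver send the statement and the parameter separately, which is what gives the prepared statement its injection resistance; pair this with the endpoint access restriction recommended above.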

Weakness Enumeration
SQL injection

Related Identifiers
CVE-2024-28322

Affected Products
Puneethreddyhc Event Management