CVE-2024-28558

Name of the Vulnerable Software and Affected Versions sourcecodester Petrol pump management software version 1.0

Description The issue allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the "admin/app/web crud.php" API endpoint.

Recommendations For sourcecodester Petrol pump management software version 1.0, consider restricting access to the "admin/app/web crud.php" endpoint until a patch is available. As a temporary workaround, avoid using potentially vulnerable parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.