PT-2024-22854 · Sourcecodester · Sourcecodester Php Task Management System

Published: 2024-03-25 · Updated: 2024-08-07 · CVE-2024-29303

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SourceCodester PHP Task Management System version 1.0

Description: The delete admin users function is vulnerable to SQL injection. The issue is potentially exploitable, but no details are provided about the estimated number of affected devices or real-world incidents. Specific technical details such as API endpoints, vulnerable parameters, or function names are not mentioned.

Recommendations: For SourceCodester PHP Task Management System version 1.0, consider disabling the delete admin users function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-29303

Affected Products

Sourcecodester Php Task Management System