CVE-2024-3000

Name of the Vulnerable Software and Affected Versions code-projects Online Book System version 1.0

Description A critical vulnerability was found in the code-projects Online Book System. This issue affects the file /index.php and is related to the manipulation of the username, password, login username, and login password arguments, leading to SQL injection. The attack can be initiated remotely.

Recommendations For code-projects Online Book System version 1.0, consider disabling the login functionality until a patch is available to prevent SQL injection attacks. Restrict access to the /index.php file to minimize the risk of exploitation. Avoid using the username, password, login username, and login password arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.