PT-2024-24133 · Unknown · Computer Laboratory Management System
Emirhan Mutlu
·
Published
2024-04-22
·
Updated
2024-07-03
·
CVE-2024-31545
CVSS v3.1
9.4
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Computer Laboratory Management System version 1.0
Description
The issue is a SQL injection through the "id" parameter of the "/admin/?page=user/manage user&id=6" endpoint. The value of id is placed into a database query without being parameterized or validated, so an attacker who can reach the endpoint can append SQL to the id value and change what the query does; the CVSS vector above (PR:N, UI:N) records that no privileges or user interaction are required.
Recommendations
For Computer Laboratory Management System version 1.0, as a temporary workaround, restrict access to the "/admin/?page=user/manage user&id=6" endpoint (for example, to trusted source addresses at the web server or reverse proxy) until a patch is available, and avoid passing the id parameter to this endpoint until the issue is resolved. A durable fix requires the application to hand id to the database only through a parameterized query and to reject values that are not a positive integer.
Exploit
Fix
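The vulnerable pattern and its fix, as an added example that is not code from Computer Laboratory Management System or from this advisory. The real application is PHP; the same logic is shown here in Python against an in-memory SQLite table with constructed sample rows so it runs stand-alone. The function names manage_user_vulnerable, manage_user_bound_only and manage_user_fixed, and the users table layout, are assumptions for illustration.

```python
import re
import sqlite3

# Constructed sample data standing in for the application's user table;
# the real schema of Computer Laboratory Management System is not known here.
SAMPLE_USERS = [
    (1, "admin", "Administrator"),
    (6, "jdoe", "John Doe"),
    (7, "asmith", "Alice Smith"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, fullname TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def manage_user_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    """Hypothetical vulnerable pattern modelled on the advisory: the raw id
    query-string value is concatenated into the SQL text, so anything after
    the number is executed as SQL."""
    sql = "SELECT id, username, fullname FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def manage_user_bound_only(conn: sqlite3.Connection, user_id: str) -> list:
    """Binding alone: the whole id string is passed as a parameter, so the
    database compares it as a value and never parses it as SQL."""
    sql = "SELECT id, username, fullname FROM users WHERE id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


# id is an integer key, so anything that is not a positive integer is rejected
# before it reaches the database (defence in depth on top of binding).
ID_RE = re.compile(r"^[1-9][0-9]*$")


def manage_user_fixed(conn: sqlite3.Connection, user_id: str) -> list:
    """Hardened version: validate the shape of id, then bind it as a parameter."""
    if not ID_RE.fullmatch(user_id):
        raise ValueError("id must be a positive integer")
    sql = "SELECT id, username, fullname FROM users WHERE id = ?"
    return conn.execute(sql, (int(user_id),)).fetchall()


def demo() -> dict:
    """Run the benign and tampered id values through each variant."""
    conn = make_db()
    benign = "6"
    tampered = "6 OR 1=1"  # SQL appended to the id value
    results = {
        "vuln_benign": manage_user_vulnerable(conn, benign),
        "vuln_tampered": manage_user_vulnerable(conn, tampered),  # dumps every user
        "bound_tampered": manage_user_bound_only(conn, tampered),  # no rows match
        "fixed_benign": manage_user_fixed(conn, benign),
    }
    try:
        manage_user_fixed(conn, tampered)
        results["fixed_tampered"] = "accepted"
    except ValueError as exc:
        results["fixed_tampered"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the concatenated query, the tampered id returns every row in the table instead of the one requested; the bound query matches nothing because the string is treated as a value, and the fixed version refuses the request before any query runs.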
Weakness Enumeration
SQL injection
Related Identifiers
CVE-2024-31545
Affected Products
Computer Laboratory Management System