PT-2024-34596 · Projectworlds · Travel Management System

Anirudh Krishnaprasad

·

Published

2024-11-04

·

Updated

2024-11-06

·

CVE-2024-51327

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ProjectWorld's Travel Management System version 1.0
Description: A SQL injection vulnerability in the loginform.php file allows an unauthenticated remote attacker to bypass authentication by supplying crafted values in the username and password fields of the login form.
Recommendations: For ProjectWorld's Travel Management System version 1.0, consider temporarily disabling the login functionality until a patch is available, and restrict access to the loginform.php file to minimize the risk of exploitation. Do not rely on the affected login form for authentication until the issue is resolved. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
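The following is an added example, not code from the advisory or from the ProjectWorld's project, that models the class of flaw described above: login input concatenated into a SQL string, so that quote characters in the username or password field rewrite the query logic, beside the parameterised form that closes the hole. The users table, its columns and the stored credential are constructed assumptions; the advisory does not publish the application's schema or the exact query in loginform.php, and SQLite stands in for whatever database the application uses.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the application's user table.
    # Table name, column names and the stored credential are assumptions.
    # A real application must store a password hash, never the plaintext;
    # plaintext is used here only to keep the model minimal.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO users (username, password) VALUES ('admin', 'S3cret!')")
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    # Models the flaw class reported for loginform.php: the field values are
    # pasted straight into the SQL text, so a single quote in the input ends
    # the string literal and the remainder becomes part of the WHERE clause.
    query = (
        "SELECT username FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    # Hardened form: the statement is parameterised, so the field values are
    # bound as data and cannot change the structure of the query.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    # Classic tautology payload in both fields; the resulting WHERE clause is
    # username = '' OR '1'='1' AND password = '' OR '1'='1', which is always true.
    tautology = "' OR '1'='1"
    # Username-only variant: username = 'admin' OR 'a'='a' AND password = 'wrong'
    # matches the admin row because OR binds looser than AND.
    user_only = "admin' OR 'a'='a"
    return {
        "vulnerable_tautology": vulnerable_login(make_db(), tautology, tautology),
        "vulnerable_user_only": vulnerable_login(make_db(), user_only, "wrong"),
        "safe_tautology": safe_login(make_db(), tautology, tautology),
        "safe_user_only": safe_login(make_db(), user_only, "wrong"),
        "safe_valid": safe_login(make_db(), "admin", "S3cret!"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the block shows the vulnerable function returning the admin account for both injected inputs while the parameterised function returns no account for them and still accepts the genuine credential. The CVSS vector above (PR:N, UI:N) reflects exactly this: no valid credential and no user interaction are needed to reach the authenticated state.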

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-51327

Affected Products

Travel Management System