CVE-2024-55509

Name of the Vulnerable Software and Affected Versions CodeAstro Complaint Management System version 1.0

Description The issue allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the "delete.php" component. This is a result of a SQL injection vulnerability in the CodeAstro Complaint Management System.

Recommendations For CodeAstro Complaint Management System version 1.0, consider disabling the delete.php component or restricting access to it until a patch is available. Avoid using the id parameter in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.