PT-2024-37444 · Unknown · Sourcecodester Student Management System
Hryspa_Hodor · Published 2024-06-20 · Updated 2024-09-06 · CVE-2024-6191
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
itsourcecode Student Management System version 1.0
Description:
A critical vulnerability has been found in the itsourcecode Student Management System, affecting the login page, specifically the file login.php. Manipulation of the user argument leads to SQL injection. This issue can be exploited remotely.
Recommendations:
For itsourcecode Student Management System version 1.0, update the software urgently to prevent SQL injection attacks through the login page. As a temporary workaround, consider restricting access to the login page or preventing manipulation of the user argument until a patch is available.
Exploit
Fix
SQL injection
Affected Products
Sourcecodester Student Management System