PT-2024-38297 · Sourcecodester · Sourcecodester Tracking Monitoring Management System

Topsky979

Published

2024-08-01

Updated

2024-08-09

CVE-2024-7366

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SourceCodester Tracking Monitoring Management System version 1.0

Description A critical issue has been found in the Login component, specifically affecting the /ajax.php?action=login file. The manipulation of the username argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For SourceCodester Tracking Monitoring Management System version 1.0, consider disabling the login functionality through the /ajax.php?action=login endpoint until a patch is available. Restrict access to the username argument in the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-7366

Affected Products

Sourcecodester Tracking Monitoring Management System

CVE-2024-7366

Weakness Enumeration

Related Identifiers

Affected Products

References · 8