PT-2024-38503 · Code Projects · Code-Projects College Management System
Liumingxuan · Published 2024-08-11 · Updated 2024-08-16
CVE-2024-7681
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
code-projects College Management System version 1.0
Description
A critical issue affects the login.php file of the Login Page component, allowing for SQL injection through the manipulation of the email and password arguments. This can be initiated remotely. The issue has been publicly disclosed and may be exploited.
Recommendations
For code-projects College Management System version 1.0, patch immediately to prevent exploitation attempts. Monitor for potential exploitation. As a temporary workaround, consider restricting access to the login.php file until a patch is applied. Avoid using the email and password arguments in the affected login page until the issue is resolved.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Code-Projects College Management System