PT-2024-39235 · Unknown · Code-Projects Crud Operation System
Published: 2024-09-12 · Updated: 2024-09-17
CVE-2024-8762
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
code-projects Crud Operation System version 1.0
Description:
A critical issue has been found in the code-projects Crud Operation System, affecting an unknown part of the file /updatedata.php. The manipulation of the sid argument leads to SQL injection. It is possible to initiate the attack remotely.
Recommendations:
For code-projects Crud Operation System version 1.0, patch immediately and validate input on the backend to prevent exploitation. As a temporary workaround, consider restricting access to the /updatedata.php file until a patch is available. Avoid using the sid parameter in the affected file until the issue is resolved.
Exploit
Fix
SQL injection
Affected Products
Code-Projects Crud Operation System