CVE-2024-6728

Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0

Description: A critical issue has been found in the Tailoring Management System, affecting the file typeedit.php. The manipulation of the id argument leads to SQL injection, allowing an attacker to execute arbitrary SQL code, gain unauthorized access to read or modify data, gain control of the system, or cause a denial of service. The attack can be initiated remotely.

Recommendations: For Tailoring Management System version 1.0, consider disabling the id argument in the typeedit.php file as a temporary workaround to prevent SQL injection attacks. Restrict access to the typeedit.php file to minimize the risk of exploitation. Avoid using the id parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.