CRITICAL🇵🇱 Wersja polska

CVE-2024-31546

CVSS 9.8v3.1pub. 2024-04-19upd. 2025-04-14

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php.

🤖 AI Analysis
How it works

An attacker sends a crafted HTTP request to the /admin/damage/view_damage.php endpoint, injecting malicious SQL code into the 'id' parameter. The application does not properly validate or filter input data, so the injected code is executed directly by the database engine. The lack of authentication requirement (PR:N) and low attack complexity (AC:L) make the exploit executable without any special prerequisites.

Impact

An attacker can gain unauthorized access to all data stored in the database (confidentiality), modify or delete data (integrity), and in certain configurations cause system unavailability (availability). It is also possible to steal authentication credentials to the system and take over administrator accounts.

Mitigation & patch

Patches available from the vendor should be applied according to the references. Until the fix is implemented, it is recommended to restrict access to the administration panel (/admin/) at the firewall or web server level and implement parameterized SQL queries (prepared statements) in the application code.

Who is affected

Computer Laboratory Management System v1.0 by Oretnom23

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oretnom23 Computer Laboratory Management System

    APP
    Oretnom23
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-34479CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Computer Laboratory Management System

CVE-2024-34480CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Computer Laboratory Management System 1.0

CVE-2024-31545CRITICAL9.4PL ✓ten sam produkt

SQL Injection w Computer Laboratory Management System v1.0 (parametr 'id')

CVE-2024-31547CRITICAL9.1PL ✓ten sam produkt

SQL Injection w Computer Laboratory Management System v1.0

CVE-2025-45956HIGH8.8ten sam produkt

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1....