CRITICAL🇵🇱 Wersja polska

CVE-2024-34479

CVSS 9.8v3.1pub. 2024-08-07upd. 2024-08-08

SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection.

🤖 AI Analysis
How it works

The vulnerability consists of improper validation and parameterization of input data passed through the id parameter to the classes/Master.php file. An attacker can inject malicious SQL code directly into the query executed on the database. The attack requires no authentication or user interaction, and the network vector (AV:N) means it can be carried out remotely over the network.

Impact

An attacker can gain full access to the application's database — including reading, modifying, and deleting data — which can lead to violations of confidentiality, integrity, and system availability. In certain configurations, execution of system commands on the server is also possible.

Mitigation & patch

Apply patches available from the vendor according to the references. It is also recommended to implement parameterized SQL queries (prepared statements) in the application code and restrict system access only to trusted networks or apply application-level firewall (WAF).

Who is affected

SourceCodester Computer Laboratory Management System version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oretnom23 Computer Laboratory Management System

    APP
    Oretnom23
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-34480CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Computer Laboratory Management System 1.0

CVE-2024-31545CRITICAL9.4PL ✓ten sam produkt

SQL Injection w Computer Laboratory Management System v1.0 (parametr 'id')

CVE-2024-31547CRITICAL9.1PL ✓ten sam produkt

SQL Injection w Computer Laboratory Management System v1.0

CVE-2024-31546CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Computer Laboratory Management System v1.0 — parametr 'id'

CVE-2025-45956HIGH8.8ten sam produkt

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1....