CRITICAL🇵🇱 Wersja polska

CVE-2024-34480

CVSS 9.8v3.1pub. 2024-08-07upd. 2024-08-08

SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection.

🤖 AI Analysis
How it works

An attacker sends a specially crafted HTTP request to the admin/category/view_category.php endpoint, placing a malicious SQL payload in the 'id' parameter. The application does not properly validate or filter input data before passing it to the database query, which allows manipulation of the executed SQL query logic. Due to the network vector (AV:N), lack of authentication requirement (PR:N), and lack of user interaction (UI:N), the attack can be conducted remotely and fully automatically.

Impact

An attacker can gain unauthorized access to data stored in the database, modify or delete data, and in certain database server configurations potentially execute system commands — which means complete loss of data confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to references. Additionally, it is recommended to implement parameterized queries (prepared statements) in the application code and restrict access to the administrative panel exclusively to trusted IP addresses.

Who is affected

SourceCodester Computer Laboratory Management System version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oretnom23 Computer Laboratory Management System

    APP
    Oretnom23
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-34479CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SourceCodester Computer Laboratory Management System

CVE-2024-31545CRITICAL9.4PL ✓ten sam produkt

SQL Injection w Computer Laboratory Management System v1.0 (parametr 'id')

CVE-2024-31547CRITICAL9.1PL ✓ten sam produkt

SQL Injection w Computer Laboratory Management System v1.0

CVE-2024-31546CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Computer Laboratory Management System v1.0 — parametr 'id'

CVE-2025-45956HIGH8.8ten sam produkt

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1....