CRITICAL🇵🇱 Wersja polska

CVE-2024-36779

CVSS 9.8v3.1pub. 2024-06-06upd. 2024-11-21

Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.

🤖 AI Analysis
How it works

An attacker can inject malicious SQL code through parameters passed to the editCategories.php script without any authentication. Lack of proper validation and sanitization of input data allows manipulation of queries directed to the database. This makes it possible to read, modify or delete data stored in the database.

Impact

An attacker can gain full access to the system's database — read sensitive data, modify it or delete it, and depending on server configuration, potentially take control of the system.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. As a temporary workaround, it is recommended to restrict access to the application at the firewall level and implement WAF rules blocking SQL Injection attempts.

Who is affected

Sourcecodester Stock Management System v1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Stock Management System Project Stock Management System

    APP
    Stock Management System Project
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2023-51951CRITICAL9.8PL ✓ten sam produkt

SQL Injection umożliwiający RCE w Stock Management System 1.0

CVE-2020-24197CRITICAL9.8ten sam produkt

A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to...

CVE-2022-4088HIGH7.3ten sam produkt

A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue...

CVE-2020-23830HIGH7.1ten sam produkt

A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management Sys...

CVE-2022-4089MEDIUM4.3ten sam produkt

A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnera...