CRITICAL🇵🇱 Wersja polska

CVE-2024-51327

CVSS 9.8v3.1pub. 2024-11-04upd. 2024-11-06

SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.

🤖 AI Analysis
How it works

An attacker sends a crafted request to the login form (loginform.php), injecting malicious SQL code into the 'username' and 'password' fields. Because the input data is not properly validated or parameterized, the injected SQL code is directly interpreted by the database engine. As a result, the logic of the authentication query is modified in such a way that the attacker gains access to the system without knowing the correct login credentials.

Impact

An attacker can completely bypass the authentication mechanism and gain unauthorized access to the application, potentially with administrator privileges. This can lead to breaches of confidentiality, integrity, and availability of data processed by the system.

Mitigation & patch

Manufacturer patches should be applied in accordance with the references provided. Additionally, it is recommended to immediately implement parameterized SQL queries (prepared statements) and input validation in the login form. Until the patch is applied, consider disabling public access to the application.

Who is affected

Projectworlds Travel Management System v1.0 — loginform.php file

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Projectworlds Travel Management System

    APP
    Projectworlds
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2020-24203CRITICAL9.8ten sam produkt

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Pro...

CVE-2024-51326HIGH7.5ten sam produkt

SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execut...

CVE-2025-9925MEDIUM5.5ten sam produkt

A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown proce...

CVE-2025-9924MEDIUM5.5ten sam produkt

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unkno...

CVE-2025-9926MEDIUM5.5ten sam produkt

A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function ...