CVE-2024-0473: code-projects Dormitory Management System comment.php sql injection
First published: Fri Jan 12 2024(Updated: )
A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| code-projects Dormitory Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-0473?
CVE-2024-0473 is classified as a critical vulnerability.
What kind of vulnerability is CVE-2024-0473?
CVE-2024-0473 is a SQL injection vulnerability.
How can CVE-2024-0473 be exploited?
CVE-2024-0473 can be exploited remotely by manipulating the argument 'com' in the file comment.php.
Which software is affected by CVE-2024-0473?
CVE-2024-0473 affects code-projects Dormitory Management System version 1.0.
How do I fix CVE-2024-0473?
To fix CVE-2024-0473, input validation and parameterized queries should be implemented in the comment.php file.
- agent/references
- agent/author
- agent/title
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/event
- agent/source
- vendor/code-projects
- canonical/code-projects dormitory management system
- version/code-projects dormitory management system/1.0