CVE-2024-12231: CodeZips Project Management System index.php sql injection
First published: Thu Dec 05 2024(Updated: )
A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Codezips Project Management System | ||
| Codezips Project Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-12231?
CVE-2024-12231 has been classified as a critical vulnerability.
What type of vulnerability is CVE-2024-12231?
CVE-2024-12231 is an SQL injection vulnerability.
What component of CodeZips Project Management System is affected by CVE-2024-12231?
CVE-2024-12231 affects the /index.php file in the CodeZips Project Management System.
Can CVE-2024-12231 be exploited remotely?
Yes, CVE-2024-12231 can be exploited remotely.
How do I fix CVE-2024-12231?
To mitigate CVE-2024-12231, ensure proper input validation and sanitation for the affected email argument in the application.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/codezips
- canonical/codezips project management system
- version/codezips project management system/1.0