CVE-2024-2069: SourceCodester FAQ Management System delete-faq.php sql injection
First published: Fri Mar 01 2024(Updated: )
A vulnerability classified as critical has been found in SourceCodester FAQ Management System 1.0. Affected is an unknown function of the file /endpoint/delete-faq.php. The manipulation of the argument faq leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255384.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Remyandrade Faq Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-2069?
CVE-2024-2069 is classified as a critical vulnerability.
What kind of attack can be executed using CVE-2024-2069?
CVE-2024-2069 allows for a remote SQL injection attack due to improper handling of the 'faq' argument.
What is the affected software version for CVE-2024-2069?
CVE-2024-2069 affects SourceCodester FAQ Management System version 1.0.
How do I fix CVE-2024-2069?
To fix CVE-2024-2069, validate and sanitize input to the 'faq' parameter in the /endpoint/delete-faq.php file.
Is CVE-2024-2069 exploitable from outside the network?
Yes, CVE-2024-2069 is exploitable remotely.
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/remyandrade
- canonical/remyandrade faq management system
- version/remyandrade faq management system/1.0