CVE-2024-5985: SourceCodester Best Online News Portal index.php sql injection
First published: Fri Jun 14 2024(Updated: )
A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268461 was assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Best Online News Portal | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-5985?
CVE-2024-5985 is classified as a critical vulnerability.
What type of vulnerability is CVE-2024-5985?
CVE-2024-5985 is a SQL injection vulnerability.
How does CVE-2024-5985 affect the application?
CVE-2024-5985 allows remote attackers to manipulate the username argument in the /admin/index.php file.
How do I fix CVE-2024-5985?
To fix CVE-2024-5985, sanitize and validate all user inputs and use prepared statements in your database queries.
What software is affected by CVE-2024-5985?
CVE-2024-5985 affects version 1.0 of the Mayurik Best Online News Portal.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mayurik
- canonical/best online news portal
- version/best online news portal/1.0