CVE-2024-28558

2024-04-1519:15:09

[email protected]

web.nvd.nist.gov

cve-2024-28558

sql injection

petrol pump management

remote attack

arbitrary code

privilege escalation

sensitive information

8.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.

References

github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md

github.com/xuanluansec/vul/issues/3#issue-2243633522