CVE-2024-28558

2024-04-1500:00:00

mitre

www.cve.org

sql injection

petrol pump

management software

remote attackers

arbitrary code

privilege escalation

sensitive information

crafted payload

web crud.

8.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.

References

github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md

github.com/xuanluansec/vul/issues/3#issue-2243633522