CVE-2024-28613

2024-04-2400:00:00

mitre

www.cve.org

sql injection

php

task management system

cve-2024-28613

remote attacker

privilege escalation

sensitive information

task-details.php

edit-task.php

AI Score

7.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component.

References

github.com/hakkitoklu/hunt/blob/main/PHP%20Task%20Management%20System/sqli.md

www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html