CVE-2024-28557

2024-04-1519:15:09

[email protected]

web.nvd.nist.gov

sql injection

sourcecodester php

task management

remote attackers

arbitrary code

privilege escalation

sensitive information

crafted payload

update-admin.php

8.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.

References

github.com/xuanluansec/vul/blob/main/vul/2/README-SQL-2.md

github.com/xuanluansec/vul/issues/2