CRITICAL🇵🇱 Wersja polska

CVE-2024-24093

CVSS 9.8v3.1pub. 2024-03-12upd. 2025-04-03

SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information.

🤖 AI Analysis
How it works

The vulnerability exists in the Personal Information Update functionality. An attacker can enter maliciously crafted input data into the appropriate form field, which is then passed directly to an SQL query without proper validation or sanitization. This makes it possible to modify the logic of the database query and execute arbitrary SQL commands (CWE-89).

Impact

An attacker can gain full control over the application's database — read, modify or delete stored data, and potentially execute arbitrary code on the server side, resulting in violations of system confidentiality, integrity and availability.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. Additionally, it is recommended to implement parameterized SQL queries and input data validation mechanisms, as well as restrict network access to the application to trusted sources.

Who is affected

Code-Projects Scholars Tracking System version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Code Projects Scholars Tracking System

    APP
    Code-Projects
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-24101CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Code-Projects Scholars Tracking System 1.0

CVE-2024-24092HIGH7.8ten sam produkt

SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to run arbitrar...

CVE-2024-24097MEDIUM5.4ten sam produkt

Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run...

CVE-2024-24099MEDIUM5.4ten sam produkt

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information ...

CVE-2025-60306CRITICAL9.9PL ✓ten sam vendor

Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień