CRITICAL🇵🇱 Wersja polska

CVE-2024-24101

CVSS 9.8v3.1pub. 2024-03-12upd. 2025-03-13

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update.

🤖 AI Analysis
How it works

The vulnerability results from the lack of proper validation and sanitization of input data passed to database queries in the eligibility information update section. An attacker can inject malicious SQL code directly into query parameters, thereby manipulating the database logic. Due to the network vector (AV:N) and lack of authentication requirement (PR:N) and user interaction (UI:N), the attack can be conducted remotely by an unauthorized person.

Impact

An attacker can obtain unauthorized access to data stored in the database, modify or delete data, and under favorable conditions take control of the database server, which includes complete violation of the system's confidentiality, integrity, and availability.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Additionally, it is recommended to implement parameterized SQL queries (prepared statements) and server-side input data validation. Until the fix is applied, consider restricting access to the vulnerable module at the firewall or application server level.

Who is affected

Code-Projects Scholars Tracking System version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Code Projects Scholars Tracking System

    APP
    Code-Projects
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-24093CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Code-Projects Scholars Tracking System 1.0

CVE-2024-24092HIGH7.8ten sam produkt

SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to run arbitrar...

CVE-2024-24097MEDIUM5.4ten sam produkt

Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run...

CVE-2024-24099MEDIUM5.4ten sam produkt

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information ...

CVE-2025-60306CRITICAL9.9PL ✓ten sam vendor

Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień