CRITICAL🇵🇱 Wersja polska

CVE-2024-34955

CVSS 9.8v3.1pub. 2024-05-15upd. 2025-04-04

Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter.

🤖 AI Analysis
How it works

An attacker sends a crafted HTTP request containing a malicious SQL payload in the delete parameter, which is passed directly to the database query without proper validation or parameterization. The lack of input data sanitization allows injection of arbitrary SQL instructions that will be executed by the database engine. The attack does not require authentication, user interaction, or special privileges, and the network vector allows it to be carried out remotely.

Impact

An attacker can gain unauthorized access to sensitive data stored in the database, modify or delete data, and in favorable configurations potentially take control of the database server. The vulnerability threatens the confidentiality, integrity, and availability of the system.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. As mitigating measures, it is recommended to implement parameterized SQL queries (prepared statements), validation and sanitization of input data on the server side, and restrict access to the application at the firewall level to trusted sources.

Who is affected

Code-Projects Budget Management version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Code Projects Budget Management

    APP
    Code-Projects
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-5048MEDIUM5.3ten sam produkt

A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vuln...

CVE-2024-34954MEDIUM6.1ten sam produkt

Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter.

CVE-2025-60306CRITICAL9.9PL ✓ten sam vendor

Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień

CVE-2023-41505CRITICAL9.8PL ✓ten sam vendor

Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP

CVE-2024-24093CRITICAL9.8PL ✓ten sam vendor

SQL Injection w Code-Projects Scholars Tracking System 1.0