ГлавнаяУязвимости → CVE-2024-51327
9.8критическая

CVE-2024-51327

Описание

SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.

Затрагиваемое ПО
Projectworlds Travel management system
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51327%20-%20SQLi%20Auth%20Bypasshttps://projectworlds.in/