CVE-2024-2532 | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/update-users.php id sql injection

Posted by Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to sql injection.

This vulnerability is known as CVE-2024-2532. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-2532 | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/update-users.php id sql injection

Related Posts

CVE-2023-48340 | Unisoc S8000 Video Decoder out-of-bounds write

CVE-2024-25533 | RuvarOA 6.01/12.01 OfficeFileUpdate.aspx information exposure

CVE-2024-29946 | Splunk Enterprise up to 9.0.8/9.1.3/9.2.0 Dashboard Studio App input validation (SVD-2024-0302)

CVE-2021-47176 | Linux Kernel up to 5.4.236/5.10.174/5.12.8 s390 dasd_generic_verify_path denial of service