CVE-2024-4928

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published May 16, 2024

Updated: Jun 4, 2024

CWE ID 89

Summary

CVE-2024-4498: A critical vulnerability was discovered in SourceCodester Simple Online Bidding System 1.0. The issue lies within an unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. Manipulation of the id argument enables SQL injection, making the exploit remotely executable. The vulnerability has been disclosed to the public and may be actively exploited. (VDB-264464)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SourceCodester Simple Online Bidding System

Affected Vendors

Sourcecodester

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/v8bwZh
https://www.cve.org/CVERecord?id=CVE-2024-4928
https://nvd.nist.gov/vuln/detail/CVE-2024-4928

Back to Vulnerability Database