CVE-2024-24140

HIGH

Daily Habit Tracker App 1.0 - SQL Injection via Tracker Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-24140. PoCs published by BurakSevben.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2024-24140, an SQL injection vulnerability in the Daily Habit Tracker App 1.0. It includes a step-by-step proof of concept using sqlmap to exploit the 'tracker' parameter in the delete-tracker.php endpoint, demonstrating the vulnerability's impact and exploitation method.

Description

Sourcecodester Daily Habit Tracker App 1.0 allows SQL injection via the 'tracker' parameter.

Exploits (1)

nomisec WRITEUP
by BurakSevben · poc
https://github.com/BurakSevben/CVE-2024-24140


Classification: Writeup 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Daily Habit Tracker App 1.0
Auth required
Prerequisites: Access to the application · Valid credentials (admin:admin) · Burp Suite or similar tool for request capture · sqlmap for exploitation
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 7.2
EPSS 0.0116
EPSS Percentile 62.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-89
Status published
Products (1)
remyandrade/daily_habit_tracker 1.0
Published Jan 29, 2024
Tracked Since Feb 18, 2026