CVE-2024-28556

CRITICAL

php_task_management_system 1.0 - SQL Injection via admin-manage-user.php

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0123
EPSS Percentile 65.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
mayurik/php_task_management_system 1.0
Published Apr 15, 2024
Tracked Since Feb 18, 2026