CVE-2024-28558

HIGH

Petrol Pump Management Software 1.0 - SQL Injection via admin/app/web_crud.php

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0116
EPSS Percentile 63.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
mayurik/petrol_pump_management 1.0
Published Apr 15, 2024
Tracked Since Feb 18, 2026