CVE-2024-40402

MEDIUM

Sourcecodester Simple Library Management System 1.0 - SQL Injection

Title source: llm
STIX 2.1

Description

A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries.

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://github.com/CveSecLook/cve/issues/49

Scores

CVSS v3 6.3
EPSS 0.0037
EPSS Percentile 28.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
nikhil-bhalerao/simple_library_management_system 1.0
Published Jul 17, 2024
Tracked Since Feb 18, 2026