CVE-2024-5117 MEDIUM

CVE-2024-5117: SourceCodester Event Registration System portal.php sql injection

Vendor Sourcecodester
Product Event Registration System
Weakness CWE-89 · SQLi
Published May 20, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file portal.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265197 was assigned to this vulnerability.

Key dates

02Disclosure timeline

May 20, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-9295 SourceCodester Advocate Office Management System login.php sql injection CVE-2025-10002 ClickWhale <= 2.5.0 - Authenticated (Admin+) SQL injection CVE-2026-4778 SourceCodester Sales and Inventory System HTTP GET Parameter update_category.php sql injection CVE-2025-12608 itsourcecode Online Loan Management System manage_user.php sql injection CVE-2025-53937 WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint