CVE-2024-28558 — SQL Injection in Petrol Pump Management

CWE-89 — SQL Injection3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.8%
top 17.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mayurik Petrol Pump Management
Timeline
PublishedApr 15

Description

SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5fg3-5f62-3f6j: SQL Injection vulnerability in sourcecodester Petrol pump management software v1↗2024-04-15
â–¶
CVEList
CVE-2024-28558: SQL Injection vulnerability in sourcecodester Petrol pump management software v1↗2024-04-15
â–¶
CVE-2024-28558 — SQL Injection | cvebase