Stock Management System
CVE-2020-24197
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter.
AnalysisAI
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. Affected products include: Stock Management System Project Stock Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Stock Management System
View allSourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. Rated critical severi
A vulnerability was found in rickxy Stock Management System and classified as critical. Rated critical severity (CVSS 9.
A vulnerability was found in rickxy Stock Management System and classified as problematic.php?action=add. Rated high sev
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 a
A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical.php?f=login
A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Rated medium se
A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers t
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Manag
A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic.php of the component Ad
A vulnerability was found in rickxy Stock Management System. Rated medium severity (CVSS 5.4), this vulnerability is rem
A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. Rated
A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. Ra
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today