Skip to main content

Engineers Online Portal CVE-2024-0182

HIGH
SQL Injection (CWE-89)
2024-01-01 cna@vuldb.com
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:32 vuln.today
CVE Published
Jan 01, 2024 - 21:15 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440.

AnalysisAI

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440. Affected products include: Janobe Engineers Online Portal.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2023-5282 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-5281 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-5280 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated critical sever

CVE-2023-5279 CRITICAL POC
9.8 Sep 29

A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated critical

CVE-2023-5278 CRITICAL POC
9.8 Sep 29

A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Rated critic

CVE-2023-5277 CRITICAL POC
9.8 Sep 29

A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0.php. Rat

CVE-2023-5276 CRITICAL POC
9.8 Sep 29

A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity

CVE-2021-42670 CRITICAL POC
9.8 Nov 05

A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announ

CVE-2021-42669 CRITICAL POC
9.8 Nov 05

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which all

CVE-2021-42668 CRITICAL POC
9.8 Nov 05

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_cla

CVE-2021-42665 CRITICAL POC
9.8 Nov 05

An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of inde

CVE-2023-5284 HIGH POC
8.8 Sep 29

A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Rated high severity

Share

CVE-2024-0182 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy