← back
CVE-2024-51327

CVE-2024-51327

CVSS 9.8 CRITICALEPSS 0.8%CWE-89
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Nov 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a