CVE-2024-51327
CVE-2024-51327
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
04 Nov 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a