CVE-2024-12950

HIGH WAF: High

CVSS 8.8 Published: 2024-12-26

CWE-89 CWE-89

A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

Affected Software

Vendor	Product	Version
code-projects	travel_management_system	1.0

References

vuldb.com (Permissions Required, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)
vuldb.com (Third Party Advisory, VDB Entry)

Back to CVE Database