CVE Catalog

CVE-2024-37858

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.78%

52th percentile - higher than 52% of all known CVEs

Summary

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter in manage_category.php.

Risk Assessment

An attacker can gain unauthorized access to data or take control of the application, leading to confidentiality and integrity breaches.

Recommendation

Immediately update the software to the latest version and implement parameterized SQL queries or input validation.

Original NVD description (English source)

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS