CVE Catalog
CVE-2024-37858
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk0.78%
52th percentile - higher than 52% of all known CVEs
Summary
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter in manage_category.php.
Risk Assessment
An attacker can gain unauthorized access to data or take control of the application, leading to confidentiality and integrity breaches.
Recommendation
Immediately update the software to the latest version and implement parameterized SQL queries or input validation.
Original NVD description (English source)
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.

