CVE-2024-51060
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk36th percentile - higher than 36% of all known CVEs
Summary
Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter. An attacker can manipulate this parameter to execute unauthorized database queries.
Risk Assessment
The risk includes potential leakage of sensitive data such as applicants' personal information, as well as the possibility of modifying or deleting database records. This could compromise the confidentiality and integrity of the system.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, validate and sanitize all input data, especially the 'a_id' parameter, and use prepared statements.
Original NVD description (English source)
Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter.

