CVE-2024-55460

CVE-2024-55460 is a time-based SQL injection vulnerability affecting the login page of BoardRoom Limited Dividend Distribution Tax Election System version v2.0. This flaw, classified under CWE-89, enables attackers to execute arbitrary code through specially crafted input. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), reflecting its high severity due to network accessibility, low attack complexity, and no requirements for privileges or user interaction.

Remote, unauthenticated attackers can exploit this vulnerability by submitting malicious payloads to the login page, leveraging time-based blind SQL injection techniques to infer data and escalate to arbitrary code execution. Successful exploitation grants high-impact access, compromising confidentiality, integrity, and availability of the affected system, potentially allowing full control over the server hosting the Dividend Distribution Tax Election System.

Advisories and further details are available in referenced sources, including a GitHub repository at https://github.com/Ap0k4L1p5/CVE-research/tree/master/CVE-2024-55460 containing exploit research, and the affected login endpoint at https://sgsrs.boardroomlimited.com/taxelection/login.aspx. No specific patches or mitigation steps are detailed in the provided information.