CVE-2024-57328
Published: 23 January 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2024-57328 is a SQL injection vulnerability (CWE-89) affecting the login form in Online Food Ordering System version 1.0. The issue stems from improper sanitization of the username and password input fields, which allows attackers to inject malicious SQL queries directly into the backend database operations.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network by any unauthenticated attacker with low attack complexity and no requirement for user interaction. Successful exploitation enables attackers to bypass authentication mechanisms and gain unauthorized access to the system, potentially leading to high-impact compromise of confidentiality, integrity, and availability.
The provided reference points to a GitHub repository at https://github.com/fatihtuzunn/CVEs/tree/main/CVE-2024-57328, which documents the vulnerability but does not specify mitigation steps or available patches in the given details.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in the public-facing login form enables exploitation of a public-facing application to bypass authentication and gain unauthorized access.