Key Information 1. Vulnerability ID: - VDB-281965 - CVE-2024-10424 2. Vulnerability Name: - Project Worlds Student Project Allocation System 1.0 Project Selection Page Remove_Project.php No SQL Injection 3. Affected Component: - Project Selection Page 4. Vulnerability Description: - An unknown code block in the file , which is part of the Project Selection Page component. - SQL injection vulnerability can be triggered via externally influenced input. - Classified under CWE-89. 5. Impact: - Affects confidentiality, integrity, and availability of Project Worlds Student Project Allocation System 1.0. 6. CVSS Meta Temp Score: - 6.0 7. Current Vulnerability Price: - $0-$5k 8. CTI Interest Score: - 1.28 9. Vulnerability Disclosure: - Vulnerability has been publicly disclosed and may be exploited. 10. Exploitability: - Exploitation appears relatively easy. - Attacks can be initiated remotely. - Known technical details and publicly available exploitation tools exist. 11. Search Suggestions: - Use to find potential vulnerable targets. 12. Recommendation: - Replace the affected component. Related Links VDB-281964 VDB-281966 Additional Information GitHub Link: - github.com MITRE ATT&CK Technique: - Exploits attack technique T1505. Google Hacking: - Potential vulnerable targets can be found via Google search.