Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
CVE-2024-8561: SourceCodester PHP CRUD 1.0: Remote SQL Injection in Delete Function
CVE-2024-8561
Summary
A critical flaw in the delete function of SourceCodester PHP CRUD 1.0 allows an attacker to inject malicious SQL code, potentially exposing sensitive data or compromising the entire system. This vulnerability can be exploited remotely, so it's essential to update the software as soon as possible to prevent unauthorized access. Update to the latest version of SourceCodester PHP CRUD to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| rems | php_crud |
1.0 cpe:2.3:a:rems:php_crud:1.0:*:*:*:*:*:*:* |
Original title
A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete.php of the componen...
Original description
A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete.php of the component Delete Person Handler. The manipulation of the argument person leads to sql injection. The attack can be launched remotely.
nvd CVSS2.0
6.5
nvd CVSS3.1
9.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-89
SQL Injection
- https://vuldb.com/?ctiid.276781 Permissions Required
- https://vuldb.com/?id.276781 Permissions Required Third Party Advisory
- https://vuldb.com/?submit.403651 Third Party Advisory VDB Entry
- https://www.sourcecodester.com/ Product
Published: 7 Sep 2024 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026