CVE-2024-1197
Published: 02 February 2024
Summary
CVE-2024-1197 is a high-severity SQL Injection (CWE-89) vulnerability in Remyandrade Testimonial Page Manager. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 15.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-16964
Vulnerability details
A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
SQL injection in a public-facing web application (delete-testimonial.php) enables exploitation of public-facing applications (T1190). VulDB explicitly maps to server software component abuse (T1505), with PoC for RCE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.