CVE-2024-2265
Published: 07 March 2024
Summary
CVE-2024-2265 is a medium-severity Inclusion of Sensitive Information in Source Code (CWE-540) vulnerability in Keerti1924 Php Mysql User Signup Login System. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 27.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-27220
Vulnerability details
A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.sql. The manipulation leads to inclusion of sensitive information in source code. It is possible to initiate the attack…
more
remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256035. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Exposes password hashes and software details in publicly accessible login.sql source code, enabling collection of unsecured credentials from files and reconnaissance for victim identity/host information.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Detection and removal of spilled information addresses cases where sensitive data was included in source code.
Screening helps prevent intentional insertion of sensitive information into source code by untrusted developers.
Prevents inclusion of sensitive information in source code and development artifacts through SDLC-wide OPSEC controls.