CVE-2024-46078
Description
itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Sports Management System 1.0 has SQL injection in player.php's delete_category function via the id parameter, allowing unauthorized database access.
Vulnerability
A SQL injection vulnerability exists in the delete_category function of player.php in itsourcecode Sports Management System Project 1.0. The id parameter is not properly sanitized, so an attacker can inject arbitrary SQL through it. [1]
Exploitation
An attacker can exploit this by sending a crafted HTTP request to the vulnerable endpoint with a malicious id parameter. No authentication or special privileges are required. The injection point is directly accessible via the web interface.
Impact
Successful exploitation allows an attacker to execute arbitrary SQL queries against the database. This can lead to data theft, modification, or deletion, including potentially extracting admin credentials or other sensitive information.
Mitigation
As of the publication date (2024-10-04), no patch or workaround has been released by the vendor. Users should restrict network access to the application and monitor for unauthorized activity until an official fix is available.
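The monitoring advice above can be turned into a concrete access-log check. This is an added example, not code from the vendor or the CVE record; it assumes a legitimate id is a plain integer sent in the query string, and the `action` parameter name and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path taken from the CVE description; everything else below is an assumption.
VULN_PATH = "sports_scheduling/player.php"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"\A[0-9]{1,10}\Z")  # assumed shape of a legitimate id

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_id) for player.php requests whose id is not a plain integer."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith(VULN_PATH):
            continue  # other scripts are out of scope for this check
        # parse_qs percent-decodes values; keep_blank_values so an empty "id=" is checked too
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not NUMERIC_ID.match(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample lines in Apache combined log format (not real traffic).
# The "action" parameter is a hypothetical name, not taken from the application.
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Oct/2024:10:00:01 +0000] "GET /sports_scheduling/player.php?action=delete_category&id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [04/Oct/2024:10:00:05 +0000] "GET /sports_scheduling/player.php?action=delete_category&id=12%27 HTTP/1.1" 500 0',
    '203.0.113.9 - - [04/Oct/2024:10:00:09 +0000] "GET /sports_scheduling/index.php?id=abc HTTP/1.1" 200 900',
    '192.0.2.44 - - [04/Oct/2024:10:01:00 +0000] "GET /sports_scheduling/player.php?id=3+OR+1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric id {value!r}")
```

Standard access logs record only the request line, so this check is blind to an id sent in a POST body; covering that case needs request-body logging or a filtering proxy in front of the application.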
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- itsourcecode/Sports Management System Project
- Range: =1.0
Patches
No patches discovered yet.
References