SQL Injection Vulnerability in SourceCodester Simple Customer Relationship Management System
CVE-2023-24204

5.4MEDIUM

Key Information:

Vendor: SourceCodester
Status: Simple Customer Relationship Management System
Vendor: CVE Published:; 14 May 2024

Summary

An SQL injection vulnerability exists in the SourceCodester Simple Customer Relationship Management System version 1.0. This security flaw allows attackers to manipulate SQL queries by injecting arbitrary code through the 'name' parameter in the get-quote.php file. Exploitation of this vulnerability can lead to unauthorized access and execution of harmful SQL statements, potentially compromising sensitive data and system integrity.

References

https://www.sourcecodester.com

https://momonguyen.com/2023/cve-2023-24203/

https://github.com/momo1239/CVE-2023-24203-and-CVE-2023-2...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024