SQL Injection Vulnerability in SourceCodeHero Clothes Recommendation System Admin Login Page
CVE-2024-10336

7.3 HIGH

Key Information:

Vendor
CVE Published: 24 October 2024

What is CVE-2024-10336?

A serious SQL injection vulnerability has been identified in the SourceCodeHero Clothes Recommendation System, affecting version 1.0. It stems from improper handling of user input in the /admin/index.php file of the admin login page component. By manipulating the 't1' argument, a remote attacker can cause unauthorized database queries to be executed. This may lead to data leakage, unauthorized access to sensitive information, and further system compromise. Because the exploit has already been publicly disclosed, it is imperative that users apply the necessary patches and implement security measures to mitigate the associated risks.

Affected Version(s)

Clothes Recommendation System 1.0

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Delvy (VulDB User)