SQL Injection Vulnerability in SourceCodeHero Clothes Recommendation System
CVE-2024-10337

7.2HIGH

Key Information:

Vendor

Sourcecodehero

Status
Clothes Recommendation System
Vendor
CVE Published:
24 October 2024

What is CVE-2024-10337?

A critical security vulnerability has been identified in the SourceCodeHero Clothes Recommendation System version 1.0. This flaw resides in an unspecified function accessed via the URL path /admin/home.php?con=add. Attackers can exploit this vulnerability by manipulating the parameters cat, subcat, t1, t2, and text to perform SQL injection, potentially leading to unauthorized access to sensitive database information. The vulnerability is characterized by its ability to be exploited remotely, underscoring the importance of implementing security measures promptly to mitigate risks. The details of this exploit have been publicly disclosed, elevating the need for immediate action among users and administrators of the affected product.

Affected Version(s)

Clothes Recommendation System 1.0

References

https://vuldb.com/?id.281682
vdb-entrytechnical-description
https://vuldb.com/?ctiid.281682
signaturepermissions-required
https://vuldb.com/?submit.427443
third-party-advisory

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Delvy (VulDB User)
.