SQL Injection Vulnerability in SourceCodeHero Clothes Recommendation System
CVE-2024-10338

7.2 HIGH

Key Information:

Vendor
CVE Published: 24 October 2024

What is CVE-2024-10338?

The Clothes Recommendation System developed by SourceCodeHero is vulnerable to SQL injection. The issue is in the admin interface, in the /admin/home.php file, where manipulating the 'view' parameter can lead to unauthorized SQL queries. The vulnerability is critical because it can be exploited remotely, potentially exposing sensitive data or compromising application integrity. Because the exploit has been publicly disclosed, users and administrators should apply the necessary security patches and take preventive measures to protect against potential attacks.

Affected Version(s)

Clothes Recommendation System 1.0

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Delvy (VulDB User)