SQL Injection Vulnerability in Project Worlds Simple Web-Based Chat Application
CVE-2024-10432
What is CVE-2024-10432?
A significant security flaw has been identified in the Project Worlds Simple Web-Based Chat Application version 1.0. The vulnerability arises from improper handling of user-supplied input in the /index.php file: the application fails to sanitize the 'username' argument, which leaves it open to SQL injection. The flaw can be exploited remotely, allowing an attacker to execute arbitrary SQL queries against the application's database. The consequences range from unauthorized viewing of sensitive data to complete database compromise. Users of this application should take immediate steps to secure their systems, either by applying any available patches or by applying restrictions in their network environments.
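The class of flaw described above, shown as an added example that is not the application's own code: a lookup that concatenates 'username' into the SQL text, beside the same lookup with a bound parameter. The users table, the function names and the sample inputs are constructed for illustration, and an in-memory SQLite database stands in for the application's database so the script runs offline.

```php
<?php
// Added example: hypothetical schema and queries, not taken from the application.
// SQLite in memory keeps the script self-contained; the same PDO calls work
// with a MySQL DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

// Vulnerable pattern: the 'username' value is pasted into the SQL text,
// so quote characters inside it become part of the query's syntax.
function find_user_unsafe(PDO $db, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the SQL text is fixed and the value is bound as data,
// so it can only ever be compared against the username column.
function find_user_safe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary name and a value containing SQL syntax.
$inputs = ['alice', "nobody' OR '1'='1"];
foreach ($inputs as $in) {
    printf(
        "%-20s unsafe=%d row(s)  safe=%d row(s)\n",
        $in,
        count(find_user_unsafe($db, $in)),
        count(find_user_safe($db, $in))
    );
}
```

With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so that the parameter is bound by the server rather than interpolated client-side.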