SQL Injection Vulnerability in SourceCodester Testimonial Page Manager
CVE-2024-1197

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Testimonial Page Manager
Vendor: CVE Published:; 2 February 2024

Summary

A vulnerability has been detected within SourceCodester's Testimonial Page Manager version 1.0 that affects the delete-testimonial.php file. This vulnerability allows an attacker to manipulate the 'testimony' argument, leading to a SQL injection, which can be executed remotely. Exploitation of this vulnerability poses significant security risks to data integrity and confidentiality, making it essential for users of the affected version to apply necessary updates and mitigate potential threats.

Affected Version(s)

Testimonial Page Manager 1.0

References

https://vuldb.com/?id.252695

vdb-entrytechnical-description

https://vuldb.com/?ctiid.252695

signaturepermissions-required

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Feb 2, 2024

Credit

Michael Blunt

mikel22 (VulDB User)