SQL Injection Vulnerability in Code-Projects Mobile Shop Login Page
CVE-2024-2927

9.8CRITICAL

Key Information:

Vendor

Code-projects

Status
Mobile Shop
Vendor
CVE Published:
26 March 2024

What is CVE-2024-2927?

A critical SQL injection vulnerability has been identified in the Login Page component of Code-Projects Mobile Shop version 1.0. This vulnerability is triggered through improper validation of input parameters within the Details.php file, specifically affecting the 'id' argument. Attackers can exploit this flaw remotely, allowing them to execute arbitrary SQL queries and potentially manipulate or extract sensitive data from the underlying database. This vulnerability poses a significant risk to the integrity and confidentiality of user data, and its public disclosure means that attackers may actively seek to exploit it in the wild. Organizations using this software are strongly encouraged to apply security patches and implement necessary mitigations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Mobile Shop 1.0

References

https://vuldb.com/?id.258000
vdb-entrytechnical-description
https://vuldb.com/?ctiid.258000
signaturepermissions-required
https://vuldb.com/?submit.304053
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

hazim.arbas (VulDB User)
JSON
.