SQL Injection Vulnerability in SourceCodester Computer Laboratory Management System
CVE-2024-3316

8.8HIGH

Key Information:

Vendor: SourceCodester Computer Laboratory Management System
Status: Computer Laboratory Management System
Vendor: CVE Published:; 4 April 2024

Summary

A serious SQL injection vulnerability has been identified in SourceCodester's Computer Laboratory Management System version 1.0, specifically within the file /admin/category/view_category.php. This vulnerability allows attackers to manipulate the 'id' parameter, enabling remote exploitation and unauthorized access to the system's database. If successfully exploited, the attacker could execute arbitrary SQL commands, potentially leading to data breaches and further system compromises. It's crucial for users and administrators of the affected system to apply patches or mitigation measures immediately to safeguard against this vulnerability.

References

https://vuldb.com/?id.259387

https://vuldb.com/?ctiid.259387

https://vuldb.com/?submit.309584

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 4, 2024