SQL Injection Vulnerability in SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3354

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Aplaya Beach Resort Online Reservation System
Vendor: CVE Published:; 5 April 2024

Summary

A significant vulnerability has been identified in the Aplaya Beach Resort Online Reservation System developed by SourceCodester. This issue arises from an SQL injection flaw found in the file 'admin/mod_users/index.php', where unsanitized user input is processed. The vulnerability allows remote attackers to manipulate the 'id' parameter, potentially leading to unauthorized access to the database. Given the critical nature of this flaw, it poses a serious threat as it can be exploited publicly, enabling malicious actors to execute arbitrary SQL queries. Organizations using this system must take immediate action to secure their applications against potential data breaches and unauthorized data modifications.

References

https://vuldb.com/?id.259458

https://vuldb.com/?ctiid.259458

https://vuldb.com/?submit.310222

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2024