SQL Injection Vulnerability in SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3355

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Aplaya Beach Resort Online Reservation System
Vendor: CVE Published:; 5 April 2024

🔔 Create SourceCodester Vulnerability Alert

What is CVE-2024-3355?

A vulnerability affecting the SourceCodester Aplaya Beach Resort Online Reservation System 1.0 allows an attacker to exploit a flaw in the administration functionality located in the file admin/mod_users/controller.php. By manipulating the input parameter 'name' during the user creation process, an attacker can execute SQL injection, potentially gaining unauthorized access to the database. This exploitation can occur remotely, and since the vulnerability has been made public, it poses a significant risk. Users of this system should take immediate action to mitigate the threat by applying security patches and reviewing their database configurations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://vuldb.com/?id.259459

https://vuldb.com/?ctiid.259459

https://vuldb.com/?submit.310224

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2024

JSON

SourceCodester

What is CVE-2024-3355?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.