SQL Injection Vulnerability in SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3355
9.8 CRITICAL
Summary
A vulnerability in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 affects the administration functionality in the file admin/mod_users/controller.php. Manipulating the 'name' input parameter during the user creation process leads to SQL injection, potentially giving an attacker unauthorized access to the database. The attack can be launched remotely, and because the vulnerability has been made public, it poses a significant risk. Users of this system should take immediate action to mitigate the threat by applying security patches and reviewing their database configurations.
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published