SQL Injection Vulnerability in SourceCodester Aplaya Beach Resort Online Reservation System
CVE-2024-3356

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Aplaya Beach Resort Online Reservation System
Vendor: CVE Published:; 5 April 2024

Summary

A SQL injection vulnerability has been identified in the Aplaya Beach Resort Online Reservation System, version 1.0. An issue exists in the 'admin/mod_settings/controller.php?action=add' functionality, where a manipulation of the argument type can lead to unauthorized database access. This vulnerability is particularly concerning as it allows attackers to execute arbitrary SQL queries remotely, potentially exposing sensitive data and compromising the integrity of the application. Public disclosure of this exploit heightens the urgency for users to apply necessary patches and adhere to security best practices to mitigate potential risks.

References

https://vuldb.com/?id.259460

https://vuldb.com/?ctiid.259460

https://vuldb.com/?submit.310225

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2024