SQL Injection Vulnerability in SourceCodester Online Library System
CVE-2024-3359
9.8CRITICAL
Key Information:
- Vendor
Sourcecodester
- Status
- Vendor
- CVE Published:
- 6 April 2024
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2024-3359?
A significant SQL injection vulnerability exists in SourceCodester's Online Library System version 1.0, specifically concerning the processing of the 'user_email' argument within the admin/login.php file. This vulnerability allows potential attackers to execute remote commands by manipulating the 'user_email' input, which could lead to unauthorized access and data compromise. Given its public disclosure, immediate action is advised to mitigate risk and secure affected systems.
Affected Version(s)
Online Library System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.