Remote SQL Injection Vulnerability in SourceCodester Online Courseware
CVE-2024-3420
Key Information:
- Vendor
Sourcecodester
- Status
- Vendor
- CVE Published:
- 7 April 2024
Badges
What is CVE-2024-3420?
A critical vulnerability has been discovered in the SourceCodester Online Courseware version 1.0, specifically within the admin/saveedit.php functionality. This vulnerability arises from improper input validation when the 'id' argument is manipulated, leading to SQL injection attacks. Such exploits could potentially allow unauthorized remote attackers to execute malicious SQL statements, compromising the integrity and confidentiality of the database. The existence of this vulnerability emphasizes the need for immediate action to ensure system security, especially as the exploit details have already been disclosed publicly. Comprehensive remediation measures should be taken to protect against potential exploitation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Online Courseware 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved