SQL Injection Vulnerability in Daily Calories Monitoring Tool v1.0
CVE-2024-40472
9.8 CRITICAL
Key Information:
- Vendor: Sourcecodester
- CVE Published: 12 August 2024
Summary
The Daily Calories Monitoring Tool version 1.0 from Sourcecodester is exposed to an SQL Injection vulnerability through the 'delete-calorie.php' script. This flaw allows attackers to manipulate SQL queries by injecting arbitrary code, potentially leading to unauthorized access to sensitive data. Attackers could exploit this vulnerability to extract, modify, or delete records from the database, jeopardizing the integrity and confidentiality of user information. Organizations utilizing this tool must implement appropriate security measures to mitigate the risks associated with this vulnerability.
CVSS V3.1
- Score: 9.8
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved