SQL Injection Vulnerability in Itsourcecode Online Discussion Forum
CVE-2024-5733

7.3HIGH

Key Information:

Vendor

Itsourcecode

Status
Online Discussion Forum
Vendor
CVE Published:
7 June 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-5733?

A significant SQL injection vulnerability exists within the Itsoucecode Online Discussion Forum version 1.0 due to improper input handling in the register_me.php file. This flaw allows an attacker to manipulate the 'eaddress' argument, potentially leading to unauthorized access to sensitive data or control over the database. The vulnerability can be exploited remotely, making it a severe risk for organizations utilizing this software. As the exploit has been publicly disclosed, it is crucial for users to assess their installations and apply necessary security measures to mitigate potential risks. For detailed technical insights and remediation advice, refer to VDB-267407.

Affected Version(s)

Online Discussion Forum 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-5733 - Proof of Concept

References

https://vuldb.com/?id.267407
vdb-entrytechnical-description
https://vuldb.com/?ctiid.267407
signaturepermissions-required
https://vuldb.com/?submit.351115
third-party-advisory

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

wsy0312 (VulDB User)
.