SQL Injection Vulnerability in itsourcecode Monbela Tourist Inn Online Reservation System
CVE-2024-6113

9.8CRITICAL

Key Information:

Vendor
Itsourcecode
Status
Monbela Tourist Inn Online Reservation System
Vendor
CVE Published:
20 June 2024

Summary

A significant SQL injection vulnerability has been identified in the Monbela Tourist Inn Online Reservation System version 1.0, developed by itsourcecode. This vulnerability resides in the 'login.php' file, where improper handling of the 'email' argument can allow an attacker to execute malicious SQL queries. This exploit can be initiated remotely, potentially compromising sensitive data stored within the application's database. Organizations using this system should take immediate action to patch or mitigate this vulnerability to prevent unauthorized access and data breaches.

Affected Version(s)

Monbela Tourist Inn Online Reservation System 1.0

References

https://vuldb.com/?id.268865
vdb-entrytechnical-description
https://vuldb.com/?ctiid.268865
signaturepermissions-required
https://vuldb.com/?submit.358991
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

wangyuan-ui (VulDB User)
.