Remote SQL Injection Vulnerability in SourceCodester Simple Inventory Management System
CVE-2024-6830

7.5HIGH

Key Information:

Vendor: SourceCodester
Status: Simple Inventory Management System
Vendor: CVE Published:; 17 July 2024

Summary

A significant SQL injection vulnerability exists in the SourceCodester Simple Inventory Management System 1.0, specifically within the action.php file's order handler function. This flaw allows attackers to interfere with the order_id argument, leading to unauthorized access to sensitive data. Given that the exploitation can be performed remotely, the issue poses a serious risk to the integrity and confidentiality of the information managed by the system. Public disclosure of the exploit increases the urgency for users to apply necessary security measures to protect their systems.

References

https://vuldb.com/?id.271812

https://vuldb.com/?ctiid.271812

https://vuldb.com/?submit.375233

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2024