SQL Injection Vulnerability in SourceCodester Complaints Report Management System 1.0
CVE-2024-7197

8.8HIGH

Key Information:

Vendor: Oretnom23
Status: Complaints Report Management System
Vendor: CVE Published:; 29 July 2024

What is CVE-2024-7197?

A vulnerability exists within the SourceCodester Complaints Report Management System version 1.0, specifically in the /admin/manage_complaint.php functionality. The flaw arises from inadequate input validation, which allows for SQL injection attacks through manipulation of the 'id' argument. This vulnerability can be exploited remotely, potentially leading to unauthorized access and manipulation of the database. The exploit has been publicly disclosed, highlighting the critical need for users to implement immediate safeguards to protect sensitive information.

References

https://vuldb.com/?id.272618

https://vuldb.com/?ctiid.272618

https://vuldb.com/?submit.380409

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2024

Oretnom23

What is CVE-2024-7197?

References

CVSS V3.1

Timeline