SQL Injection Vulnerability in SourceCodester Lot Reservation Management System
CVE-2024-7223

9.8 CRITICAL

Key Information:

CVE Published: 30 July 2024

Summary

A critical vulnerability has been found in SourceCodester Lot Reservation Management System version 1.0. It affects an unknown functionality in the file view_model.php, where the 'id' argument is not handled properly. An attacker who manipulates this argument can perform SQL injection and gain unauthorized access to the database. The vulnerability can be exploited remotely and threatens the integrity of systems running this software. Because it has been publicly disclosed, users of the affected system should take immediate action to mitigate the risk.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
