SQL Injection Vulnerability in SourceCodester Lot Reservation Management System
CVE-2024-7224

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Lot Reservation Management System
Vendor: CVE Published:; 30 July 2024

Summary

A severe SQL injection vulnerability has been identified in the SourceCodester Lot Reservation Management System version 1.0, specifically within the /lot_details.php file. This flaw allows unauthorized manipulation of the 'id' parameter, potentially enabling attackers to execute arbitrary SQL queries against the database. As this vulnerability can be exploited remotely, it poses a significant security risk, particularly if it is publicly disclosed, facilitating easy exploitation. Organizations using this system should prioritize patching and review their security measures to prevent potential breaches.

References

https://vuldb.com/?id.272804

https://vuldb.com/?ctiid.272804

https://vuldb.com/?submit.380471

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2024