SQL Injection Vulnerability in SourceCodester Simple Realtime Quiz System
CVE-2024-7369

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Simple Realtime Quiz System
Vendor: CVE Published:; 1 August 2024

Summary

A critical vulnerability has been identified in the SourceCodester Simple Realtime Quiz System 1.0 that allows for SQL injection via the /ajax.php?action=login path. This security flaw arises from improper handling of the 'username' input parameter, which can be exploited by remote attackers to execute arbitrary SQL queries. The implications of this vulnerability can lead to unauthorized access to sensitive data within the application. Since the exploit has been made publicly available, it is imperative for users and administrators of the affected system to take immediate action to mitigate potential risks.

References

https://vuldb.com/?id.273353

https://vuldb.com/?ctiid.273353

https://vuldb.com/?submit.383517

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2024