SQL Injection Vulnerability in SourceCodester Simple Realtime Quiz System
CVE-2024-7370

8.8 HIGH

Key Information:

Vendor
CVE Published: 1 August 2024

Summary

A critical security vulnerability has been discovered in the SourceCodester Simple Realtime Quiz System, specifically in the /manage_quiz.php file. An attacker can perform SQL injection by manipulating the 'id' parameter in the request. As a result, remote attackers can execute arbitrary SQL queries, compromising the underlying database and potentially gaining access to sensitive user information. The vulnerability has been publicly disclosed, so users of this system should implement security measures immediately to protect against possible exploitation. Maintaining secure coding practices and regularly updating software are essential to minimize exposure to such vulnerabilities.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
