SQL Injection Vulnerability in SourceCodester Simple Realtime Quiz System
CVE-2024-7373
8.8 HIGH
What is CVE-2024-7373?
A significant SQL injection flaw exists in SourceCodester Simple Realtime Quiz System version 1.0, in the code that handles /ajax.php?action=load_answered. The 'id' parameter is handled improperly, which allows a remote attacker to manipulate database queries and execute arbitrary SQL code. Because the vulnerability has been publicly disclosed, the risk of exploitation is increased; exploitation could lead to unauthorized access to sensitive data, data manipulation, or potential data loss. Organizations using this system are urged to apply remediation measures promptly to safeguard their systems.
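A defender-side check for the endpoint named above, added here as an example (not code from this advisory or from the project): it scans web access logs for load_answered requests whose 'id' value is not a plain integer. The log lines are constructed, and the check assumes 'id' is a numeric key sent in the query string; a value sent in a POST body does not appear in access logs and needs application or WAF logging instead.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (common log format); not from a real system.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Aug/2024:10:00:01 +0000] "GET /ajax.php?action=load_answered&id=12 HTTP/1.1" 200 512
198.51.100.9 - - [01/Aug/2024:10:00:05 +0000] "GET /ajax.php?action=load_answered&id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9381
198.51.100.9 - - [01/Aug/2024:10:00:09 +0000] "GET /quiz/ajax.php?id=3%20UNION%20SELECT%201&action=load_answered HTTP/1.1" 500 0
198.51.100.7 - - [01/Aug/2024:10:00:12 +0000] "GET /ajax.php?action=login&id=abc HTTP/1.1" 200 20
198.51.100.8 - - [01/Aug/2024:10:00:15 +0000] "POST /ajax.php?action=load_answered HTTP/1.1" 200 40
"""

# client IP, request target, HTTP status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def suspicious_requests(log_text):
    """Return (client_ip, decoded_id, status) for load_answered requests
    whose query-string 'id' is not a plain decimal integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        # Match the script wherever the application is installed under the web root.
        if not url.path.endswith("/ajax.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        if params.get("action") != ["load_answered"]:
            continue
        for value in params.get("id", []):
            # Assumption: a legitimate id is a numeric key.
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((client, value, status))
    return hits


if __name__ == "__main__":
    for client, value, status in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} id={value!r}")
```

A 5xx status or an unusually large response on a flagged request is worth triaging first, since either can indicate the injected input reached the database.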