SQL Injection Vulnerability in SourceCodester Simple Realtime Quiz System
CVE-2024-7373

8.8 HIGH

Key Information:

Vendor
CVE Published: 2 August 2024

Summary

A SQL injection flaw exists in SourceCodester Simple Realtime Quiz System version 1.0, in the code that handles /ajax.php?action=load_answered. The 'id' parameter is improperly handled, so a remote attacker can manipulate the database query and execute arbitrary SQL. Because the vulnerability has been publicly disclosed, the risk of exploitation is increased; successful exploitation could lead to unauthorized access to sensitive data, data manipulation, or data loss. Organizations using this system are urged to apply remediation measures promptly.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
