SQL Injection Vulnerability in SourceCodester Simple Realtime Quiz System
CVE-2024-7374

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Simple Realtime Quiz System
Vendor: CVE Published:; 2 August 2024

Summary

A significant security vulnerability has been identified in the SourceCodester Simple Realtime Quiz System version 1.0, specifically within the manage_user.php file. This vulnerability allows attackers to manipulate the 'id' parameter, leading to successful SQL injection attacks. Such exploits can be executed remotely, posing a considerable risk to data integrity and confidentiality. The vulnerability has been publicly disclosed, and it is crucial for users of the affected system to implement immediate security measures to safeguard against potential exploitation. For further details and security advisories, visit VDB-273358.

References

https://vuldb.com/?id.273358

https://vuldb.com/?ctiid.273358

https://vuldb.com/?submit.383522

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2024