SQL Injection Vulnerability in SourceCodester Simple Realtime Quiz System
CVE-2024-7378

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Simple Realtime Quiz System
Vendor: CVE Published:; 2 August 2024

Summary

An SQL injection vulnerability exists in the SourceCodester Simple Realtime Quiz System version 1.0, specifically in the /manage_question.php file. The vulnerability allows an attacker to manipulate requests that involve the 'id' parameter, leading to unauthorized database access and potential data breaches. This can be exploited remotely, making it imperative for users of the affected system to apply necessary updates and security measures promptly. Given the exposure of the exploit to the public, immediate action is recommended to safeguard sensitive data.

References

https://vuldb.com/?id.273362

https://vuldb.com/?ctiid.273362

https://vuldb.com/?submit.383526

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 2, 2024