SQL Injection Vulnerability in SourceCodester Simple Online Bidding System
CVE-2024-7798

9.8 CRITICAL

Key Information:

Vendor
CVE Published:
15 August 2024

Summary

A critical SQL injection vulnerability has been identified in SourceCodester Simple Online Bidding System version 1.0. It resides in an unspecified feature of the ajax.php script, specifically in the login process: an attacker can manipulate the 'username' parameter to execute unauthorized SQL commands, potentially leading to data exposure or complete system compromise. The vulnerability is remotely exploitable over the network without any local access, which increases its severity. As the exploit has been publicly disclosed, organizations using this system are urged to apply the necessary patches or implement mitigations to secure their platforms.
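The flaw described above is the classic login anti-pattern: the client-supplied username is spliced into the SQL text, so quote characters in it rewrite the query. The following is an added illustration, not code from the Simple Online Bidding System or from the advisory; it uses Python with an in-memory SQLite table and a constructed account (the schema, the `_SALT` value and the function names are assumptions) to show the vulnerable pattern next to the corrected one, where the username is bound as a parameter and the password is verified in code against a stored hash.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo salt; a real deployment stores a random per-user salt.
_SALT = b"constructed-demo-salt"


def _hash_password(password: str) -> str:
    """Salted PBKDF2-SHA256 digest, returned as hex."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000).hex()


def make_db() -> sqlite3.Connection:
    """In-memory users table holding one constructed account (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        ("alice", _hash_password("correct horse")),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Vulnerable pattern: input is formatted straight into the SQL text.

    The WHERE clause becomes whatever the client sends, so a username that
    carries a quote and a comment marker truncates the password check.
    """
    sql = (
        f"SELECT id, username FROM users WHERE username = '{username}' "
        f"AND password = '{_hash_password(password)}'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Hardened pattern: the username travels as a bound parameter, never as SQL.

    Quote characters in the value are just characters. The password digest is
    compared in code with a constant-time comparison rather than in the query.
    """
    row = conn.execute(
        "SELECT id, username, password FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    if not hmac.compare_digest(row[2], _hash_password(password)):
        return None
    return (row[0], row[1])


if __name__ == "__main__":
    db = make_db()
    crafted = "alice' --"  # quote plus SQL comment marker in the username field
    print("vulnerable, crafted username, wrong password:",
          login_vulnerable(db, crafted, "wrong"))   # returns alice's row
    print("safe, crafted username, wrong password:",
          login_safe(db, crafted, "wrong"))         # returns None
```

The same fix applies in the PHP the advisory concerns: prepared statements (PDO or MySQLi with bound parameters) for every query that touches request input, plus password verification in code rather than inside the SQL predicate. Parameter binding is the control; escaping helpers and input filters are not a substitute for it.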

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published
