SQL Injection Vulnerability in SourceCodester Movie Rating System
CVE-2024-8343

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Sentiment Based Movie Rating System
Vendor: CVE Published:; 30 August 2024

Summary

A significant SQL injection vulnerability has been identified in the User Registration Handler of SourceCodester's Sentiment Based Movie Rating System version 1.0. This flaw arises from improper handling of the 'email' argument within the /classes/Users.php?f=save_client endpoint. An attacker can exploit this vulnerability remotely, which may lead to unauthorized access to sensitive user data and compromise the integrity of the system. The exploit has been made public, thus increasing the urgency for system administrators to implement necessary security measures to mitigate potential risks.

References

https://vuldb.com/?id.276222

https://vuldb.com/?ctiid.276222

https://vuldb.com/?submit.399711

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2024