SQL Injection Vulnerability in SourceCodester Movie Rating System
CVE-2024-8343
9.8CRITICAL
Key Information:
- Vendor
SourceCodester
- Vendor
- CVE Published:
- 30 August 2024
What is CVE-2024-8343?
A significant SQL injection vulnerability has been identified in the User Registration Handler of SourceCodester's Sentiment Based Movie Rating System version 1.0. This flaw arises from improper handling of the 'email' argument within the /classes/Users.php?f=save_client endpoint. An attacker can exploit this vulnerability remotely, which may lead to unauthorized access to sensitive user data and compromise the integrity of the system. The exploit has been made public, thus increasing the urgency for system administrators to implement necessary security measures to mitigate potential risks.