SQL Injection Vulnerability in SourceCodester Music Gallery Site
CVE-2024-8345

9.8CRITICAL

Key Information:

Vendor: SourceCodester Music Gallery Site 1.0
Status: Music Gallery Site
Vendor: CVE Published:; 30 August 2024

Summary

A critical vulnerability has been identified in SourceCodester's Music Gallery Site version 1.0, specifically affecting the functionality located in the file /classes/Users.php?f=delete. This security flaw allows remote attackers to manipulate the 'id' argument, thereby executing unauthorized SQL queries through SQL injection techniques. The publicly disclosed exploit poses significant risks as it could lead to unauthorized access to sensitive data or execution of arbitrary commands within the database. It is essential for users of this software to take immediate action to mitigate the risks associated with this vulnerability.

References

https://vuldb.com/?id.276224

https://vuldb.com/?ctiid.276224

https://vuldb.com/?submit.400192

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2024