SQL Injection Vulnerability in SourceCodester Food Ordering Management System
CVE-2024-8415

9.8CRITICAL

Key Information:

Vendor: Oretnom23
Status: Food Ordering Management System
Vendor: CVE Published:; 4 September 2024

What is CVE-2024-8415?

A vulnerability has been identified in the SourceCodester Food Ordering Management System 1.0, specifically within the file /routers/add-ticket.php. The issue arises due to improper handling of the 'id' argument, which can be exploited to execute SQL injection attacks. This flaw enables remote attackers to manipulate database queries, potentially compromising sensitive data. As the exploit code has been publicly disclosed, it presents significant security risks to affected users who have not applied appropriate mitigations.

References

https://vuldb.com/?id.276494

https://vuldb.com/?ctiid.276494

https://vuldb.com/?submit.402345

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2024

Oretnom23

What is CVE-2024-8415?

References

CVSS V3.1

Timeline