SQL Injection Vulnerability in SourceCodester PHP CRUD Application
CVE-2024-8561

9.8CRITICAL

Key Information:

Vendor
Sourcecodester
Status
PHP Crud
Vendor
CVE Published:
7 September 2024

Summary

A severe vulnerability has been identified in the SourceCodester PHP CRUD 1.0 application, specifically within the Delete Person functionality located in the file /endpoint/delete.php. This vulnerability permits attackers to manipulate the 'person' argument, leading to SQL injection attacks. Such an attack can be executed remotely, potentially compromising database integrity and exposing sensitive information. It is crucial for users of SourceCodester PHP CRUD to patch this vulnerability promptly to mitigate the associated risks.

Affected Version(s)

PHP CRUD 1.0

References

https://vuldb.com/?id.276781
vdb-entrytechnical-description
https://vuldb.com/?ctiid.276781
signaturepermissions-required
https://vuldb.com/?submit.403651
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Delvy (VulDB User)
.