SQL Injection Vulnerability in SourceCodester PHP CRUD Application
CVE-2024-8564
8.8HIGH
What is CVE-2024-8564?
A severe SQL injection vulnerability has been identified in the SourceCodester PHP CRUD version 1.0, specifically affecting the file located at /endpoint/update.php. This vulnerability arises from improper handling of input parameters such as tbl_person_id, first_name, middle_name, and last_name, which allows an attacker to execute arbitrary SQL queries on the database. Importantly, this can be exploited remotely without authentication, posing a significant risk to data integrity and the confidentiality of sensitive information. As this vulnerability has been made public, immediate action is recommended to mitigate potential exploitation and secure affected systems.
Affected Version(s)
PHP CRUD 1.0