SQL Injection Vulnerability in SourceCodester Online Eyewear Shop
CVE-2024-9081

7.5HIGH

Key Information:

Vendor
Sourcecodester
Status
Online Eyewear Shop
Vendor
CVE Published:
22 September 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

A significant SQL injection vulnerability has been identified in the view_category.php file of SourceCodester's Online Eyewear Shop version 1.0. This vulnerability arises from improper validation of the 'id' parameter, enabling attackers to execute unauthorized SQL commands through crafted requests. This exploitation can be remotely launched, posing a severe risk to data integrity and security. The exploit has already been disclosed publicly, making affected systems particularly susceptible to attacks if not mitigated promptly. Users of the affected product should take immediate action to secure their applications.

Affected Version(s)

Online Eyewear Shop 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-9081 - Proof of Concept

References

https://vuldb.com/?id.278251
vdb-entrytechnical-description
https://vuldb.com/?ctiid.278251
signaturepermissions-required
https://vuldb.com/?submit.411564
third-party-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

5hu1K (VulDB User)
.