SQL Injection Vulnerability in SourceCodester Modern Loan Management System
CVE-2024-9090

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Modern Loan Management System
Vendor: CVE Published:; 23 September 2024

Summary

A security vulnerability has been identified in the SourceCodester Modern Loan Management System version 1.0, specifically within the file search_member.php. This vulnerability allows an attacker to manipulate the searchMember argument, resulting in SQL injection attacks. Such vulnerabilities can be exploited remotely, posing a significant risk to environments utilizing this software. Since the exploit information has been publicly disclosed, organizations are urged to assess their systems for this vulnerability and implement necessary security measures to protect against potential database breaches.

References

https://vuldb.com/?id.278268

https://vuldb.com/?ctiid.278268

https://vuldb.com/?submit.411879

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 23, 2024