SQL Injection Vulnerability in SourceCodester Online Eyewear Shop
CVE-2024-9317

8.8 HIGH

Key Information:

Vendor: SourceCodester Online Eyewear Shop
CVE Published: 28 September 2024

Summary

A severe SQL injection vulnerability has been identified in SourceCodester Online Eyewear Shop version 1.0. The flaw resides in the 'delete_category' function of the Master.php file, where the 'id' argument is used without proper handling and can be manipulated to alter the SQL query. The vulnerability is exploitable remotely over the network, so an attacker can execute arbitrary SQL commands without physical access to the vulnerable system. Exploits for this vulnerability have been publicly disclosed, which raises the risk considerably and makes prompt remediation important to safeguard sensitive data and maintain website integrity.
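Added illustration, not code from SourceCodester Online Eyewear Shop: an assumed shape of a delete_category handler that concatenates the 'id' request parameter into the query, beside a hardened version that validates the value and binds it through a mysqli prepared statement. The table name (category_list), the $conn handle and the function names are assumptions.

```php
<?php
// Added example, not the project's code. The table name category_list,
// the mysqli handle $conn and the function names are assumptions.

// Vulnerable pattern: the request parameter is pasted into the SQL text,
// so whatever arrives as 'id' becomes part of the statement itself.
function delete_category_vulnerable(mysqli $conn, array $request): bool
{
    $id = $request['id'];                        // untrusted input, used as-is
    $sql = "DELETE FROM category_list WHERE id = '{$id}'";
    return $conn->query($sql) === true;
}

// Hardened version: accept only a positive integer, then pass it as a bound
// parameter so the database never parses the value as SQL.
function delete_category_safe(mysqli $conn, array $request): bool
{
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        return false;                            // reject non-numeric or zero/negative ids
    }

    $stmt = $conn->prepare('DELETE FROM category_list WHERE id = ?');
    if ($stmt === false) {
        return false;                            // statement could not be prepared
    }
    $stmt->bind_param('i', $id);                 // 'i' = integer parameter
    $ok = $stmt->execute();
    $deleted = $stmt->affected_rows === 1;       // exactly one row removed
    $stmt->close();
    return $ok && $deleted;
}
```

Because the CVSS vector lists only low privileges, the handler should also confirm that the authenticated user is allowed to manage categories before running the delete; that check is outside what this snippet shows.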

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database