SQL Injection Vulnerability in SourceCodester Online Eyewear Shop
CVE-2024-9317
8.8 HIGH
Key Information:
- Status
- Vendor
- CVE Published: 28 September 2024
What is CVE-2024-9317?
A severe SQL injection vulnerability has been identified in the SourceCodester Online Eyewear Shop version 1.0. The flaw specifically resides in the 'delete_category' function of the Master.php file, where improper handling of the 'id' argument can allow attackers to manipulate SQL queries. This vulnerability can be exploited remotely, meaning that attackers can execute arbitrary SQL commands without needing physical access to the vulnerable system. Publicly disclosed exploits for this vulnerability pose a significant risk, highlighting the importance of immediate remediation measures to safeguard sensitive data and maintain website integrity.
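The remediation for this class of flaw, sketched as an added example (not code from the application or from SourceCodester): a delete handler that validates `id` as a positive integer and passes it as a bound parameter. The table and column names, the return shape, and the use of PDO with an in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened handler for a category-delete request.
// Table/column names and the return shape are assumptions, not the application's code.
function delete_category(PDO $db, mixed $rawId): array
{
    // Accept only a positive decimal integer; reject everything else before touching SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['status' => 'failed', 'error' => 'invalid id'];
    }

    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('DELETE FROM category_list WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1
        ? ['status' => 'success']
        : ['status' => 'failed', 'error' => 'not found'];
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE category_list (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO category_list (name) VALUES ('Frames'), ('Lenses'), ('Cases')");

// Constructed inputs: one legitimate id, then malformed values that must be rejected.
foreach (['2', '2 OR 1=1', "1' OR '1'='1", '-1', ''] as $input) {
    $result = delete_category($db, $input);
    $left = (int) $db->query('SELECT COUNT(*) FROM category_list')->fetchColumn();
    printf("%-16s => %-7s rows left: %d\n", var_export($input, true), $result['status'], $left);
}
```

Only the first input removes a row; every malformed value is rejected by the integer check before any statement is prepared, and the bound parameter keeps the query text fixed even if that check were ever loosened.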