SQL Injection Vulnerability in SourceCodester Online Timesheet Application
CVE-2024-9319

8.8HIGH

Key Information:

Vendor: SourceCodester
Status: Online Timesheet App
Vendor: CVE Published:; 29 September 2024

Summary

A serious SQL injection vulnerability has been identified in the SourceCodester Online Timesheet App version 1.0. The flaw resides in the /endpoint/delete-timesheet.php file, where improper validation of user-supplied input allows attackers to exploit the 'timesheet' argument. This vulnerability enables potential remote attackers to execute arbitrary SQL queries against the database, which could lead to unauthorized data access, data manipulation, and significant compromise of sensitive information. Due to its remote exploitability, organizations using this application must take immediate action to patch the vulnerability and protect their data integrity.

References

https://vuldb.com/?id.278823

https://vuldb.com/?ctiid.278823

https://vuldb.com/?submit.413329

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2024