SQL Injection Vulnerability in SourceCodester Online Timesheet Application
CVE-2024-9319
8.8HIGH
Key Information:
- Vendor
SourceCodester
- Status
- Vendor
- CVE Published:
- 29 September 2024
What is CVE-2024-9319?
A serious SQL injection vulnerability has been identified in the SourceCodester Online Timesheet App version 1.0. The flaw resides in the /endpoint/delete-timesheet.php file, where improper validation of user-supplied input allows attackers to exploit the 'timesheet' argument. This vulnerability enables potential remote attackers to execute arbitrary SQL queries against the database, which could lead to unauthorized data access, data manipulation, and significant compromise of sensitive information. Due to its remote exploitability, organizations using this application must take immediate action to patch the vulnerability and protect their data integrity.