SQL Injection Vulnerability in Code-Projects Restaurant Reservation System
CVE-2024-9429

9.8CRITICAL

Key Information:

Vendor: Code-projects
Status: Restaurant Reservation System
Vendor: CVE Published:; 2 October 2024

Summary

A security vulnerability has been identified within the Code-Projects Restaurant Reservation System version 1.0, specifically in the file filter2.php. This vulnerability allows for SQL injection through the manipulation of the parameters 'from' and 'to', enabling remote attackers to execute unauthorized database queries. The public disclosure of this exploit heightens the urgency for users to evaluate their systems for potential exposure and implement necessary security measures to mitigate risks associated with unauthorized data access.

References

https://vuldb.com/?id.279049

https://vuldb.com/?ctiid.279049

https://vuldb.com/?submit.416904

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 2, 2024