← voltar
CVE-2024-8343

SourceCodester Sentiment Based Movie Rating System User Registration Users.php sql injection

CVSS 6.9 MEDIUMEPSS 0.7%CWE-89
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.9EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
30 ago 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability, which was classified as critical, was found in SourceCodester Sentiment Based Movie Rating System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save_client of the component User Registration Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Produtos afetados
SourceCodester · Sentiment Based Movie Rating System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-SQLi-Sentiment-Based-Moive-Rating.mdhttps://vuldb.com/?ctiid.276222https://vuldb.com/?id.276222https://vuldb.com/?submit.399711https://www.sourcecodester.com/