CVE-2024-10163

A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure mentions a slightly changed product name.
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:sentiment_based_movie_rating_system:1.0:*:*:*:*:*:*:*

History

22 Oct 2024, 14:28

Type Values Removed Values Added
CPE cpe:2.3:a:oretnom23:sentiment_based_movie_rating_system:1.0:*:*:*:*:*:*:*
First Time Oretnom23
Oretnom23 sentiment Based Movie Rating System
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 9.8
References () https://github.com/2967607153/CVE-report/blob/main/Sourcecodester-SQLi-Sentiment-Based-Moive-Rating.md - () https://github.com/2967607153/CVE-report/blob/main/Sourcecodester-SQLi-Sentiment-Based-Moive-Rating.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.280950 - () https://vuldb.com/?ctiid.280950 - Permissions Required
References () https://vuldb.com/?id.280950 - () https://vuldb.com/?id.280950 - Third Party Advisory
References () https://vuldb.com/?submit.425464 - () https://vuldb.com/?submit.425464 - Third Party Advisory
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product

21 Oct 2024, 17:09

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en SourceCodester Sentiment Based Movie Rating System 1.0. Se ha clasificado como crítica. Se ve afectada una función desconocida del archivo /msrps/movie_details.php. La manipulación del argumento id provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. La divulgación inicial del investigador menciona un nombre de producto ligeramente modificado.

20 Oct 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-20 02:15

Updated : 2024-10-22 14:28


NVD link : CVE-2024-10163

Mitre link : CVE-2024-10163

CVE.ORG link : CVE-2024-10163


JSON object : View

Products Affected

oretnom23

  • sentiment_based_movie_rating_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')