CVE-2024-8343

A vulnerability, which was classified as critical, was found in SourceCodester Sentiment Based Movie Rating System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save_client of the component User Registration Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:sentiment_based_movie_rating_system:1.0:*:*:*:*:*:*:*

History

04 Sep 2024, 16:34

Type Values Removed Values Added
References () https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-SQLi-Sentiment-Based-Moive-Rating.md - () https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-SQLi-Sentiment-Based-Moive-Rating.md - Exploit
References () https://vuldb.com/?ctiid.276222 - () https://vuldb.com/?ctiid.276222 - Permissions Required
References () https://vuldb.com/?id.276222 - () https://vuldb.com/?id.276222 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.399711 - () https://vuldb.com/?submit.399711 - Third Party Advisory, VDB Entry
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product
CPE cpe:2.3:a:oretnom23:sentiment_based_movie_rating_system:1.0:*:*:*:*:*:*:*
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8
First Time Oretnom23 sentiment Based Movie Rating System
Oretnom23

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en SourceCodester Sentiment Based Movie Rating System 1.0. Se trata de una función desconocida del archivo /classes/Users.php?f=save_client del componente User Registration Handler. La manipulación del argumento email provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.

30 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-30 16:15

Updated : 2024-09-04 16:34


NVD link : CVE-2024-8343

Mitre link : CVE-2024-8343

CVE.ORG link : CVE-2024-8343


JSON object : View

Products Affected

oretnom23

  • sentiment_based_movie_rating_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')