CVE-2024-8083

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published: Aug 22, 2024
Updated: Aug 27, 2024
CWE ID 89

Summary

CVE-2024-8083 is a critical SQL injection vulnerability affecting SourceCodester Online Computer and Laptop Store version 1.0, specifically within the file located at /php-ocls/classes/Master.php?f=pay_order. This vulnerability allows an attacker to manipulate the 'id' argument, which could be exploited remotely without requiring user interaction, posing a significant risk to the integrity and confidentiality of the affected systems. To remediate this issue, it is recommended that users update to a patched version of the software or implement input validation measures to prevent unauthorized access. The potential impact includes unauthorized data access and manipulation, which could lead to further exploitation within an organization's network. Additional details and exploit information can be found in various advisories linked through resources like VulDB and GitHub.
