CVE-2024-9905

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 13, 2024

Updated: Oct 16, 2024

CWE ID 89

Summary

CVE-2024-9905 is a critical vulnerability affecting the SourceCodester Online Eyewear Shop 1.0. This issue arises from the application's handling of user input in the URL argument 'id' in the /admin/ endpoint. An attacker can exploit this vulnerability through SQL injection, allowing them to manipulate the application's database. The exploit can be initiated remotely, making it potentially dangerous for organizations using this software. The vulnerability has been disclosed to the public, increasing the risk of widespread exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Online Eyewear Shop

Affected Vendors

Sourcecodester

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zbNFGb
https://www.cve.org/CVERecord?id=CVE-2024-9905
https://nvd.nist.gov/vuln/detail/CVE-2024-9905

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners