CVE-2024-9317: SQL Injection in SourceCodester Online Eyewear Shop 1.0

Key Information 1. Vulnerability ID: - VDB-278821 - CVE-2024-9317 2. Vulnerability Name: - SourceCodester Online Eyewear Shop 1.0 Master.php Delete Category ID SQL Injection 3. CVSS Meta Temp Score: - 7.2 4. Current Vulnerability Price: - $0-$5k 5. CTI Interest Score: - 2.91 6. Affected File: - /classes/Master.php?f=delete_category 7. Affected Function: - delete_category 8. CWE Definition: - CWE-89 9. Vulnerability Description: - The vulnerability arises from manipulating the 'id' parameter and untrusted input, leading to an SQL injection flaw. The product constructs SQL commands using external, user-influenced input without properly neutralizing or failing to neutralize special elements, potentially allowing downstream components to alter SQL commands. 10. Impact: - Affects confidentiality, integrity, and availability. 11. Disclosure Status: - Vulnerability has been publicly disclosed. 12. Exploitability: - Exploitation is easy and can be performed remotely. 13. Technical Details and Public Exploits: - Known technical details and public exploits exist. 14. MITRE ATT&CK Technique: - Uses attack technique T1505. 15. Exploit Download: - Exploit available for download on github.com. 16. Recommended Mitigation: - Replace affected components. 17. Related Vulnerability IDs: - VDB-218315, VDB-221455, VDB-225347, VDB-235201 Related Links GitHub VDB-218315 VDB-221455 VDB-225347 VDB-235201

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-9317: SQL Injection in SourceCodester Online Eyewear Shop 1.0