CVE-2024-8087

Summary

CVE-2024-8087 is a critical SQL injection vulnerability affecting the SourceCodester E-Commerce System version 1.0, specifically in the file /ecommerce/popup_Item.php. The vulnerability allows an attacker to manipulate the "id" argument, potentially leading to unauthorized access and manipulation of database information, which can be initiated remotely without the need for user interaction or special privileges. Organizations using this software should remediate the issue by applying security patches or updates provided by SourceCodester as soon as they become available. The potential impact includes high risks to confidentiality, integrity, and availability of data, making it crucial for affected users to act promptly to protect their systems. The CVSS base score assigned to this vulnerability is 9.8, indicating its critical nature and potential for widespread exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.