CVE-2024-9808

Summary

CVE-2024-9808 is a critical vulnerability affecting SourceCodester Online Eyewear Shop version 1.0, specifically in the /admin/?page=products/view_product file where SQL injection can be exploited through manipulated parameters. This vulnerability allows for remote exploitation with a low complexity level, posing a significant threat to data confidentiality as it could lead to unauthorized access to sensitive information. Remediation involves ensuring proper validation and sanitization of inputs within the affected function to prevent such SQL injection attacks. The public disclosure of this exploit increases the urgency for organizations using this software to address the vulnerability promptly. With a CVSS score of 6.5, the potential impact is classified as medium, highlighting the need for vigilance in managing this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.