CVE-2024-7373

CWE-89SQL InjectionCWE-476NULL Pointer Dereference4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 58.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Simple Realtime Quiz SystemOretnom23 Simple Realtime Quiz System
Timeline
PublishedAug 2

Description

A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=load_answered. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273357 was assigned to this vulnerability.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Simple Realtime Quiz System ajax.php sql injection2024-08-02
GHSA
GHSA-7q45-jp5q-j29q: A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 12024-08-02
CVE-2024-7373 (MEDIUM CVSS 5.3) | A vulnerability classified as criti | cvebase.io