ГлавнаяУязвимости → CVE-2024-57430
9.8критическая

CVE-2024-57430

Описание

An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.

Затрагиваемое ПО
Phpjabbers Cinema booking system
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/ahrixia/CVE-2024-57430https://www.phpjabbers.com/cinema-booking-system/