Skip to main content

Music Gallery Site CVE-2024-8222

MEDIUM
SQL Injection (CWE-89)
2024-08-27 cna@vuldb.com
5.3
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (vuldb) · only source for this CVE.

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Aug 27, 2024 - 23:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file /admin/?page=musics/manage_music. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file /admin/?page=musics/manage_music. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Affected products include: Oretnom23 Music Gallery Site.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2024-2930 CRITICAL POC
9.8 Mar 27

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2023-0963 CRITICAL POC
9.8 Feb 22

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2023-0961 CRITICAL POC
9.8 Feb 22

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2023-0938 CRITICAL POC
9.8 Feb 21

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. Rated critical severity

CVE-2023-0962 HIGH POC
8.8 Feb 22

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated high severity (CVSS 8.8), this vulnerability i

CVE-2023-1054 CRITICAL
9.8 Feb 27

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2023-1053 CRITICAL
9.8 Feb 27

A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical.php. Rated critical severi

CVE-2024-8345 MEDIUM POC
5.3 Aug 30

A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Rated medium severity (CV

CVE-2024-8336 MEDIUM POC
5.3 Aug 30

A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5

CVE-2024-8223 MEDIUM POC
5.3 Aug 27

A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5

CVE-2024-8221 MEDIUM POC
5.3 Aug 27

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability

Share

CVE-2024-8222 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy