CVE-2024-3360

HIGH

SourceCodester Online Library System 1.0 - SQL Injection

Title source: llm

Description

A vulnerability, which was classified as critical, was found in SourceCodester Online Library System 1.0. Affected is an unknown function of the file admin/books/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259464.

References (4)

[Exploit, Third Party Advisory] https://github.com/thisissuperann/Vul/blob/main/Online-Library-System-02

View Exploit ZIP pw:eip

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.259464

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.259464

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.310424

Scores

CVSS v3 7.3

EPSS 0.0014

EPSS Percentile 33.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-89

Status published

Affected Products (1)

janobe/online_library_system

Timeline

Published Apr 06, 2024

Tracked Since Feb 18, 2026