CVE-2024-57430
CRITICALPhpjabbers Cinema Booking System - SQL Injection
Title source: ruleDescription
An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.
Exploits (1)
Scores
CVSS v3
9.8
EPSS
0.0091
EPSS Percentile
76.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
phpjabbers/cinema_booking_system
2.0
Published
Feb 06, 2025
Tracked Since
Feb 18, 2026