CVE-2024-57430

Name of the Vulnerable Software and Affected Versions: PHPJabbers Cinema Booking System version 2.0

Description: An SQL injection vulnerability in the pjActionGetUser function allows attackers to manipulate database queries via the column parameter. This can lead to unauthorized information disclosure, privilege escalation, or database manipulation.

Recommendations: To resolve the issue, update PHPJabbers Cinema Booking System to a version that fixes the SQL injection vulnerability in the pjActionGetUser function. As a temporary workaround, consider restricting access to the pjActionGetUser function to minimize the risk of exploitation. Additionally, avoid using the column parameter in the affected function until the issue is resolved.