CVE-2024-3348

Name of the Vulnerable Software and Affected Versions SourceCodester Aplaya Beach Resort Online Reservation System version 1.0

Description A critical vulnerability has been found in the system, affecting an unknown function of the file booking/index.php. The manipulation of the log email and log pword arguments leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, consider disabling the affected function in the booking/index.php file until a patch is available. Restrict access to the log email and log pword arguments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.