CVE-2024-9905

Name of the Vulnerable Software and Affected Versions SourceCodester Online Eyewear Shop version 1.0

Description A critical issue has been found in the processing of the file "/admin/?page=inventory/view inventory&id=2". The manipulation of the id argument leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For SourceCodester Online Eyewear Shop version 1.0, consider disabling access to the "/admin/?page=inventory/view inventory&id=2" endpoint until a patch is available. Restrict the use of the id argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.