CVE-2024-9974

Name of the Vulnerable Software and Affected Versions SourceCodester Online Eyewear Shop version 1.0

Description A critical issue has been found in the software, affecting an unknown functionality of the file classes/Master.php?f=add to card of the component POST Request Handler. The manipulation of the product id argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, consider disabling the product id argument in the POST Request Handler until a patch is available. Restrict access to the vulnerable file classes/Master.php?f=add to card to minimize the risk of exploitation. Avoid using the product id argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.