CVE-2024-57430

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PHPJabbers Cinema Booking System version 2.0

Description: An SQL injection vulnerability in the

pjActionGetUser

function allows attackers to manipulate database queries via the

column

parameter. This can lead to unauthorized information disclosure, privilege escalation, or database manipulation.

Recommendations: To resolve the issue, update PHPJabbers Cinema Booking System to a version that fixes the SQL injection vulnerability in the

pjActionGetUser

function. As a temporary workaround, consider restricting access to the

pjActionGetUser

function to minimize the risk of exploitation. Additionally, avoid using the

column

parameter in the affected function until the issue is resolved.

Exploit

Fix

LPE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2024-57430

Phpjabbers Cinema Booking System