A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure mentions a slightly changed product name.
History

Tue, 22 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester sentiment Based Movie Rating System
CPEs cpe:2.3:a:sourcecodester:sentiment_based_movie_rating_system:1.0:*:*:*:*:*:*:*
Vendors & Products Sourcecodester
Sourcecodester sentiment Based Movie Rating System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 22 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 sentiment Based Movie Rating System
CPEs cpe:2.3:a:oretnom23:sentiment_based_movie_rating_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 sentiment Based Movie Rating System

Sun, 20 Oct 2024 01:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in SourceCodester Sentiment Based Movie Rating System 1.0. It has been classified as critical. Affected is an unknown function of the file /msrps/movie_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure mentions a slightly changed product name.
Title SourceCodester Sentiment Based Movie Rating System movie_details.php sql injection
Weaknesses CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-10-20T01:31:04.762Z

Updated: 2024-10-22T14:25:38.276Z

Reserved: 2024-10-18T19:29:01.595Z

Link: CVE-2024-10163

cve-icon Vulnrichment

Updated: 2024-10-22T14:25:33.238Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-20T02:15:01.970

Modified: 2024-10-22T14:28:06.173

Link: CVE-2024-10163

cve-icon Redhat

No data.