CVERadar

CVE-2024-9085

Critical Severity

Code-projects

SVRS

84/100

CVSSv3

9.8/10

EPSS

0.00046/1

CVE-2024-9085 is a critical SQL Injection vulnerability in code-projects Restaurant Reservation System 1.0 affecting the index.php file. Attackers can remotely manipulate the 'date' argument to execute arbitrary SQL queries. With an SVRS of 84, this vulnerability is considered critical and requires immediate attention. The exploit is publicly available, increasing the risk of widespread exploitation. This allows attackers to potentially access or modify sensitive data within the restaurant reservation system's database. Successful exploitation could lead to data breaches, service disruption, and unauthorized access. Prioritize patching or mitigating this vulnerability to prevent potential security incidents. Due to the high SVRS, organizations using the affected software are at immediate risk.

TAGS

In The Wild

VECTOR STRING

CVSS:3.1

AV:N

AC:L

PR:N

UI:N

S:U

C:H

I:H

A:H

PUBLICATION DATE2024-09-22

LAST MODIFIED2024-09-27

SOCRadar

AI Insight

Description

CVE-2024-9085 is a critical vulnerability in code-projects Restaurant Reservation System 1.0 that allows remote attackers to execute SQL injection attacks by manipulating the date argument in the index.php file. The SVRS for this vulnerability is 0, indicating that it is not currently being actively exploited.

Key Insights

High Severity: The CVSS score of 7.3 indicates that this vulnerability is highly severe and could have a significant impact on affected systems.
Remote Exploitation: Attackers can exploit this vulnerability remotely, making it easier for them to target vulnerable systems.
Public Disclosure: The exploit for this vulnerability has been publicly disclosed, increasing the risk of exploitation.

Mitigation Strategies

Update Software: Apply the latest software updates from the vendor to patch the vulnerability.
Restrict Access: Limit access to the affected file or directory to reduce the attack surface.
Use Input Validation: Implement input validation mechanisms to prevent malicious input from being processed.
Monitor for Suspicious Activity: Monitor systems for suspicious activity that may indicate exploitation attempts.

Additional Information

Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
Exploit Status: Active exploits have been published for this vulnerability.
CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
In the Wild: There is no evidence that this vulnerability is currently being exploited in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-9085 | code-projects Restaurant Reservation System 1.0 index.php date sql injection

vuldb.com2024-09-27

CVE-2024-9085 | code-projects Restaurant Reservation System 1.0 index.php date sql injection | A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument date leads to sql injection. The identification of this vulnerability is CVE-2024-9085</a

cve-2024-9085

domains

urls

cves

Social Media

CRAC Learning - Tech

@cracbot

2024-09-25

CVE-2024-9085 (CVSS:7.3, HIGH) is Received. A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been rated as critical. This issue ..https://t.co/r9ncrkiKTt #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

Affected Software

Configuration 1

Type	Vendor	Product
App	Code-projects	restaurant_reservation_system

References

Reference	Link
[email protected]	https://code-projects.org/
[email protected]	https://github.com/ppp-src/a/issues/18
[email protected]	https://vuldb.com/?ctiid.278261
[email protected]	https://vuldb.com/?id.278261
[email protected]	https://vuldb.com/?submit.411848
GITHUB	https://github.com/ppp-src/a/issues/18

CWE Details

CWE ID	CWE Name	Description
CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence