CVE-2024-2932: SourceCodester Online Chatting System update_room.php sql injection
First published: Wed Mar 27 2024(Updated: )
A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Donbermoy Online Chatting System | =1.0 | |
| Donbermoy Online Chatting System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-2932?
CVE-2024-2932 is classified as a critical vulnerability.
What is the nature of the vulnerability in CVE-2024-2932?
The vulnerability in CVE-2024-2932 is an SQL injection found in the admin/update_room.php file.
How can I fix CVE-2024-2932?
To fix CVE-2024-2932, validate and sanitize all inputs to the update_room.php function.
What software is affected by CVE-2024-2932?
CVE-2024-2932 affects SourceCodester Online Chatting System version 1.0.
Can CVE-2024-2932 be exploited remotely?
Yes, CVE-2024-2932 can be exploited remotely.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/epss
- collector/epss-latest
- source/FIRST
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/event
- agent/guess-ai
- vendor/donbermoy
- canonical/donbermoy online chatting system
- version/donbermoy online chatting system/1.0
- vendor/sourcecodester