CVE-2024-9008: SourceCodester Best Online News Portal Comment Section news-details.php sql injection
First published: Thu Sep 19 2024(Updated: )
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Best Online News Portal | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-9008?
CVE-2024-9008 is classified as a critical vulnerability.
What type of vulnerability is CVE-2024-9008?
CVE-2024-9008 is an SQL injection vulnerability affecting the comment section of the news details page.
How do I fix CVE-2024-9008?
To fix CVE-2024-9008, sanitize user inputs in the comment section to prevent SQL injection.
Which software is affected by CVE-2024-9008?
CVE-2024-9008 affects version 1.0 of the Best Online News Portal.
What component of the Best Online News Portal is vulnerable in CVE-2024-9008?
The vulnerable component in CVE-2024-9008 is the comment section located in the /news-details.php file.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/trending
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mayurik
- canonical/best online news portal
- version/best online news portal/1.0