From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability ID: CVE-2024-50970
2. Description: A SQL injection vulnerability exists in the file, allowing remote attackers to execute arbitrary SQL commands via the parameter.
3. Vulnerability Type: SQL Injection
4. Affected Product: Itsourcocode Online Furniture Shopping Project 1.0
5. Affected Code Repository: https://itsourcocode.com/free-projects/php-project/online-furniture-shop-in-php-projects-free-source-code-and-database/ - Version 1.0
6. Affected Component: The page in Itsourcocode Online Furniture Shopping v1.0
7. Attack Vector:
   - Set up the application locally, register a new account, and log in.
   - Navigate to the URL of the page.
   - Inject SQL payload: Modify the parameter to include a time-based blind SQL injection payload.
   - Observe application response: Notice a significant increase in page loading time (10 seconds), confirming that the parameter is vulnerable to SQL injection.
   - Further exploit and extract the database using SQLMap with the following command:
8. References:
   - https://itsourcocode.com/free-projects/php-project/online-furniture-shop-in-php-projects-free-source-code-and-database/
   - https://owasp.org/www-community/attacks/SQL_Injection

This information provides a detailed description of the vulnerability’s nature, scope of impact, and how it can be exploited.