Key Vulnerability Information

Vulnerability ID: VDB-259588, CVE-2024-3416, GCVE-100-259588
Affected Product: SourceCodester Online Courseware 1.0
Vulnerability Type: SQL Injection
Affected File:
Vulnerability Classification: Critical
CWE Definition: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command)
Attack Vector: Remote
Exploit Availability: Yes, a public exploit is available on GitHub
Attack Technique: T1505
Impact: Affects confidentiality, integrity, and availability
CVE Reference: CVE-2024-3416

Summary

A critical SQL injection vulnerability was found in SourceCodester Online Courseware 1.0. The vulnerability affects an unknown function of the file . Manipulation of the argument leads to SQL injection. The attack can be carried out remotely, and a public proof-of-concept exploit is available.

Details

The vulnerability exists because the product builds SQL commands from externally-influenced input received from upstream components without neutralizing the special elements (such as quotes and comment sequences) that change the meaning of the SQL. An attacker who controls that input can alter the intended SQL command, with consequences for the confidentiality, integrity, and availability of the data behind the application.

The advisory and exploit are shared on GitHub. Google Hacking queries can also help locate exposed instances. No countermeasures are provided by the vendor; replacing the affected product with an alternative is suggested.
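The CWE-89 pattern described above, and the generic remediation for it (bound parameters instead of string concatenation), shown side by side. This is an added illustration, not code from Online Courseware or from the advisory: the login table, the column names and the `login_vulnerable`/`login_fixed` functions are hypothetical, and the in-memory SQLite database is constructed here so the example runs offline. It does not reproduce the actual affected file or argument, which the advisory does not name.

```python
import sqlite3


def make_db():
    """Constructed sample database (hypothetical schema, not the product's own)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) "
        "VALUES ('admin', 'S3cret!'), ('student', 'pass123')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """CWE-89: request input is spliced into the SQL text, so a quote in the
    input ends the string literal and the rest is parsed as SQL syntax."""
    query = (
        "SELECT id, username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_fixed(conn, username, password):
    """Remediation: the SQL text is constant and the input is bound as a
    parameter, so it is compared as data and can never alter the statement."""
    query = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo():
    """Run both variants with a valid login and with a classic tautology
    payload; returns the rows each variant produced."""
    conn = make_db()
    # Constructed payload: closes the password literal and appends a
    # condition that is true for every row.
    payload = "' OR '1'='1"
    return {
        "vuln_valid": login_vulnerable(conn, "student", "pass123"),
        "vuln_injected": login_vulnerable(conn, "x", payload),  # first row: admin
        "fixed_valid": login_fixed(conn, "student", "pass123"),
        "fixed_injected": login_fixed(conn, "x", payload),  # None: no such user
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

With the payload, the concatenated statement becomes `... WHERE username = 'x' AND password = '' OR '1'='1'`, which matches every row and hands back the first one (here the admin account) without a valid password; the parameterized version receives the same bytes as a literal password value and returns nothing. Any code path in a PHP application such as the one in this advisory that assembles SQL with `.` string concatenation from `$_GET`/`$_POST` values has the same shape as `login_vulnerable` and is fixed the same way, with prepared statements.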