CVE-2024-57430

{"id": "CVE-2024-57430", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-02-06T17:15:20.717", "references": [{"url": "https://github.com/ahrixia/CVE-2024-57430", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.phpjabbers.com/cinema-booking-system/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n pjActionGetUser de PHPJabbers Cinema Booking System v2.0 permite a los atacantes manipular las consultas de la base de datos a trav\u00e9s del par\u00e1metro de columna. La explotaci\u00f3n de esta falla puede dar lugar a la divulgaci\u00f3n no autorizada de informaci\u00f3n, la escalada de privilegios o la manipulaci\u00f3n de la base de datos."}], "lastModified": "2025-06-24T00:12:38.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpjabbers:cinema_booking_system:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2192B8FB-CC44-47A7-9CD4-3778B1874B25"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}