1000 Projects Attendance Tracking Management System 1.0 /admin/course_action.php course_code Enlakaat SQL

Un draenvezh a zo bet merzet evel kritikel e 1000 Projects Attendance Tracking Management System 1.0. Kement-se a denn da ur fonksion dianav eus ar restr /admin/course_action.php. Arverañ an arguzenn course_code a lak da c'hoarvezout Enlakaat SQL. Ober gant CWE evit diskouez ar gudenn a gas da CWE-89. An disterder-mañ zo bet embannet 22/12/2024. An aliadenn a vez rannet evit bezañ pellgarget war github.com. Ar gwallzarvoud-mañ a vez menegeret evel CVE-2024-12899. Emañ ar galloud da lakaat an dagadenn da sevel a-bell. Gallout a reer kaout titouroù teknikel. Atav, ur mod da implijout an dra-se a zo. An diskoulm a zo bet embannet foran ha gallout a c'hall bezañ implijet. Evit poent eo priz an exploit might be approx. USD $0-$5k. Merket eo evel test-kas ouzhpenn. An exploit a c'haller pellgargañ diwar github.com. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 Daskemmoù · 86 Poentoù roadennoù

MaezKrouet
22/12/2024 17:35		Hizivadur 1/2
22/12/2024 17:36		Hizivadur 2/2
23/12/2024 02:29
software_vendor1000 Projects1000 Projects1000 Projects
software_version1.01.01.0
software_file/admin/course_action.php/admin/course_action.php/admin/course_action.php
software_argumentcourse_codecourse_codecourse_code
vulnerability_cweCWE-89 (Enlakaat SQL)CWE-89 (Enlakaat SQL)CWE-89 (Enlakaat SQL)
vulnerability_risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
advisory_urlhttps://github.com/Murrayzed/CVE/issues/1https://github.com/Murrayzed/CVE/issues/1https://github.com/Murrayzed/CVE/issues/1
exploit_availability111
exploit_publicity111
exploit_urlhttps://github.com/Murrayzed/CVE/issues/1https://github.com/Murrayzed/CVE/issues/1https://github.com/Murrayzed/CVE/issues/1
source_cveCVE-2024-12899CVE-2024-12899CVE-2024-12899
cna_responsibleVulDBVulDBVulDB
software_typeProject Management SoftwareProject Management SoftwareProject Management Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss4_vuldb_avNNN
cvss4_vuldb_acLLL
cvss4_vuldb_prNNN
cvss4_vuldb_uiNNN
cvss4_vuldb_vcLLL
cvss4_vuldb_viLLL
cvss4_vuldb_vaLLL
cvss4_vuldb_ePPP
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore6.46.46.4
cvss3_vuldb_basescore7.37.37.3
cvss3_vuldb_tempscore6.66.66.6
cvss3_meta_basescore7.37.37.3
cvss3_meta_tempscore6.66.66.9
cvss4_vuldb_bscore6.96.96.9
cvss4_vuldb_btscore5.55.55.5
advisory_date1734822000 (22/12/2024)1734822000 (22/12/2024)1734822000 (22/12/2024)
price_0day$0-$5k$0-$5k$0-$5k
software_nameAttendance Tracking Management SystemAttendance Tracking Management System
cve_nvd_summaryA vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. The manipulation of the argument course_code leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prN
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viL
cvss4_cna_vaL
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore6.9
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cvss3_cna_basescore7.3
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auN
cvss2_cna_ciP
cvss2_cna_iiP
cvss2_cna_aiP
cvss2_cna_basescore7.5

DistreiñAlc'hwezerezhKenderc'hel

Do you know our Splunk app?

Download it now for free!