VDB-279948 · CVE-2024-9797 · GCVE-100-279948

code-projects Blood Bank System 1.0 register.php Màdùmga SQL Injection

Wuro vulnerability wey an yi classify sey kura an gano shi a cikin code-projects Blood Bank System 1.0. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, register.php na cikin fayil, $software_component na cikin sashi. Ngam manipulation of the argument Màdùmga shi SQL Injection. CWE shidin ka a yi bayani matsala sai ya kai CWE-89. Gaskiya, laifi an fitar da shi 10/10/2024. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2024-9797. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. VulDB is the best source for vulnerability data and more expert information about this specific topic.

4 Goyarwa · 123 Datenpunkte

Furɗe	Súgá 10/10/2024 09:32	Gargadi 1/3 10/10/2024 10:39	Gargadi 2/3 10/10/2024 10:42	Gargadi 3/3 10/16/2024 09:06
software_vendor	code-projects	code-projects	code-projects	code-projects
software_name	Blood Bank System	Blood Bank System	Blood Bank System	Blood Bank System
software_version	1.0	1.0	1.0	1.0
software_file	register.php	register.php	register.php	register.php
software_argument	user	user	user	user
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	N	N	N	N
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/siyuancn-hub/cve/blob/main/sql4-user.md	https://github.com/siyuancn-hub/cve/blob/main/sql4-user.md	https://github.com/siyuancn-hub/cve/blob/main/sql4-user.md	https://github.com/siyuancn-hub/cve/blob/main/sql4-user.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/siyuancn-hub/cve/blob/main/sql4-user.md	https://github.com/siyuancn-hub/cve/blob/main/sql4-user.md	https://github.com/siyuancn-hub/cve/blob/main/sql4-user.md	https://github.com/siyuancn-hub/cve/blob/main/sql4-user.md
source_cve	CVE-2024-9797	CVE-2024-9797	CVE-2024-9797	CVE-2024-9797
cna_responsible	VulDB	VulDB	VulDB	VulDB
software_type	Banking Software	Banking Software	Banking Software	Banking Software
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_au	N	N	N	N
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_pr	N	N	N	N
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	7.5	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	8.6	8.0
cvss3_meta_tempscore	6.6	6.6	8.1	7.8
cvss4_vuldb_bscore	6.9	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5	5.5
advisory_date	1728511200 (10/10/2024)	1728511200 (10/10/2024)	1728511200 (10/10/2024)	1728511200 (10/10/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cvss3_researcher_rl		W	W	W
cvss2_researcher_ac		H	H	H
exploit_language		PHP	PHP	PHP
cvss2_researcher_e		H	H	H
cvss2_researcher_rc		C	C	C
cvss3_researcher_c		H	H	H
cvss3_researcher_rc		C	C	C
cvss3_researcher_i		H	H	H
cvss3_researcher_ui		N	N	N
cvss3_researcher_e		H	H	H
cvss2_researcher_ci		C	C	C
cvss2_researcher_av		N	N	N
vulnerability_historic		0	0	0
cvss3_researcher_s		C	C	C
cvss2_researcher_au		N	N	N
cvss3_researcher_ac		L	L	L
cvss2_researcher_rl		W	W	W
cvss3_researcher_pr		N	N	N
cvss3_researcher_a		H	H	H
cvss2_researcher_ii		C	C	C
cvss3_researcher_av		N	N	N
cvss2_researcher_ai		C	C	C
cvss2_researcher_basescore			7.6	7.6
cvss3_researcher_basescore			10.0	10.0
cve_nvd_summary				A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file register.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryes				En code-projects Blood Bank System 1.0 se ha encontrado una vulnerabilidad clasificada como crítica. Se trata de una función desconocida del archivo register.php. La manipulación del argumento user provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.
cvss4_cna_av				N
cvss4_cna_ac				L
cvss4_cna_at				N
cvss4_cna_pr				N
cvss4_cna_ui				N
cvss4_cna_vc				L
cvss4_cna_vi				L
cvss4_cna_va				L
cvss4_cna_sc				N
cvss4_cna_si				N
cvss4_cna_sa				N
cvss4_cna_bscore				6.9
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				N
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				N
cvss3_nvd_a				N
cvss3_nvd_basescore				7.5
cvss3_cna_av				N
cvss3_cna_ac				L
cvss3_cna_pr				N
cvss3_cna_ui				N
cvss3_cna_s				U
cvss3_cna_c				L
cvss3_cna_i				L
cvss3_cna_a				L
cvss3_cna_basescore				7.3
cvss2_cna_av				N
cvss2_cna_ac				L
cvss2_cna_au				N
cvss2_cna_ci				P
cvss2_cna_ii				P
cvss2_cna_ai				P
cvss2_cna_basescore				7.5

◂ Gurɗo Gumti Gada ▸

Might our Artificial Intelligence support you?

Check our Alexa App!