1000 Projects Beauty Parlour Management System 1.0 /admin/edit-services.php sername SQL Injection

Gaskiya vulnerability da aka ware a matsayin kura an samu a 1000 Projects Beauty Parlour Management System 1.0. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /admin/edit-services.php, a cikin sashen $software_component. A sa manipulation of the argument sername ka SQL Injection. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-89. Hakika, rauni an bayyana shi 11/24/2024. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2024-11646. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

2 Goyarwa · 86 Datenpunkte

FurɗeSúgá
11/24/2024 16:06		Gargadi 1/1
11/25/2024 03:03
software_vendor1000 Projects1000 Projects
software_nameBeauty Parlour Management SystemBeauty Parlour Management System
software_version1.01.0
software_file/admin/edit-services.php/admin/edit-services.php
software_argumentsernamesername
vulnerability_cweCWE-89 (SQL Injection)CWE-89 (SQL Injection)
vulnerability_risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_ePP
cvss3_vuldb_rcRR
advisory_urlhttps://github.com/ppp-src/CVE/issues/33https://github.com/ppp-src/CVE/issues/33
exploit_availability11
exploit_publicity11
exploit_urlhttps://github.com/ppp-src/CVE/issues/33https://github.com/ppp-src/CVE/issues/33
source_cveCVE-2024-11646CVE-2024-11646
cna_responsibleVulDBVulDB
cvss4_vuldb_vcLL
cvss4_vuldb_viLL
cvss4_vuldb_vaLL
cvss4_vuldb_ePP
cvss2_vuldb_rlNDND
cvss3_vuldb_rlXX
cvss4_vuldb_atNN
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss2_vuldb_basescore7.57.5
cvss2_vuldb_tempscore6.46.4
cvss3_vuldb_basescore7.37.3
cvss3_vuldb_tempscore6.66.6
cvss3_meta_basescore7.37.3
cvss3_meta_tempscore6.66.9
cvss4_vuldb_bscore6.96.9
cvss4_vuldb_btscore5.55.5
advisory_date1732402800 (11/24/2024)1732402800 (11/24/2024)
price_0day$0-$5k$0-$5k
software_typeProject Management SoftwareProject Management Software
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rcURUR
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_prNN
cvss4_vuldb_uiNN
cve_nvd_summaryA vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prN
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viL
cvss4_cna_vaL
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore6.9
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cvss3_cna_basescore7.3
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auN
cvss2_cna_ciP
cvss2_cna_iiP
cvss2_cna_aiP
cvss2_cna_basescore7.5

GurɗoGumtiGada

Want to stay up to date on a daily basis?

Enable the mail alert feature now!