VDB-286980 · CVE-2024-12234 · GCVE-100-286980

1000 Projects Beauty Parlour Management System 1.0 edit-customer-detailed.php Sunu SQL Injection

Wuro vulnerability wey an yi classify sey kura an gano shi a cikin 1000 Projects Beauty Parlour Management System 1.0. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /admin/edit-customer-detailed.php na cikin fayil, $software_component na cikin sashi. Ngam manipulation of the argument Sunu shi SQL Injection. CWE shidin ka a yi bayani matsala sai ya kai CWE-89. Gaskiya, laifi an fitar da shi 12/05/2024. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2024-12234. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. VulDB is the best source for vulnerability data and more expert information about this specific topic.

2 Goyarwa · 98 Datenpunkte

Furɗe	Súgá 12/05/2024 09:55	Gargadi 1/1 12/11/2024 05:45
cvss4_vuldb_va	L	L
cvss4_vuldb_e	P	P
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6
cvss3_meta_basescore	7.3	8.1
cvss3_meta_tempscore	6.6	7.9
cvss4_vuldb_bscore	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5
advisory_date	1733353200 (12/05/2024)	1733353200 (12/05/2024)
price_0day	$0-$5k	$0-$5k
software_vendor	1000 Projects	1000 Projects
software_name	Beauty Parlour Management System	Beauty Parlour Management System
software_version	1.0	1.0
software_file	/admin/edit-customer-detailed.php	/admin/edit-customer-detailed.php
software_argument	name	name
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://github.com/Hacker0xone/CVE/issues/17	https://github.com/Hacker0xone/CVE/issues/17
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://github.com/Hacker0xone/CVE/issues/17	https://github.com/Hacker0xone/CVE/issues/17
source_cve	CVE-2024-12234	CVE-2024-12234
cna_responsible	VulDB	VulDB
decision_summary	Other parameters might be affected as well.	Other parameters might be affected as well.
software_type	Project Management Software	Project Management Software
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_pr	N	N
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	L	L
cvss4_vuldb_vi	L	L
cve_nvd_summary		A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
cve_nvd_summaryes		Se ha encontrado una vulnerabilidad en 1000 Projects Beauty Parlour Management System 1.0. Se ha clasificado como crítica. Se ve afectada una función desconocida del archivo /admin/edit-customer-detailed.php. La manipulación del nombre del argumento provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. También pueden verse afectados otros parámetros.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		N
cvss4_cna_ui		N
cvss4_cna_vc		L
cvss4_cna_vi		L
cvss4_cna_va		L
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		6.9
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		N
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		L
cvss3_cna_i		L
cvss3_cna_a		L
cvss3_cna_basescore		7.3
cvss3_nvd_av		N
cvss3_nvd_ac		L
cvss3_nvd_pr		N
cvss3_nvd_ui		N
cvss3_nvd_s		U
cvss3_nvd_c		H
cvss3_nvd_i		H
cvss3_nvd_a		H
cvss3_nvd_basescore		9.8
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		N
cvss2_cna_ci		P
cvss2_cna_ii		P
cvss2_cna_ai		P
cvss2_cna_basescore		7.5

◂ Gurɗo Gumti Gada ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!