VDB-288968 · CVE-2024-12788 · GCVE-100-288968

Codezips Technical Discussion Forum 1.0 signinpost.php Sunankai SQL Injection

Hakika vulnerability da aka rarraba a matsayin kura an gano a Codezips Technical Discussion Forum 1.0. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil signinpost.php, a cikin sashi $software_component. Wuro manipulation of the argument Sunankai ga SQL Injection. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-89. Lalle, rauni an sanar da shi 12/19/2024. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2024-12788. Ngam yiɗi ka a tuma ndiyam ka internet. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Goyarwa · 98 Datenpunkte

Furɗe	Súgá 12/19/2024 09:38	Gargadi 1/2 12/19/2024 19:44	Gargadi 2/2 01/11/2025 02:17
software_vendor	Codezips	Codezips	Codezips
software_name	Technical Discussion Forum	Technical Discussion Forum	Technical Discussion Forum
software_version	1.0	1.0	1.0
software_file	signinpost.php	signinpost.php	signinpost.php
software_argument	username	username	username
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/laowuzi/cve/tree/main/Technical_Discussion_Forum	https://github.com/laowuzi/cve/tree/main/Technical_Discussion_Forum	https://github.com/laowuzi/cve/tree/main/Technical_Discussion_Forum
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/laowuzi/cve/tree/main/Technical_Discussion_Forum	https://github.com/laowuzi/cve/tree/main/Technical_Discussion_Forum	https://github.com/laowuzi/cve/tree/main/Technical_Discussion_Forum
source_cve	CVE-2024-12788	CVE-2024-12788	CVE-2024-12788
cna_responsible	VulDB	VulDB	VulDB
software_type	Forum Software	Forum Software	Forum Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	8.1
cvss3_meta_tempscore	6.6	6.9	7.9
cvss4_vuldb_bscore	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5
advisory_date	1734562800 (12/19/2024)	1734562800 (12/19/2024)	1734562800 (12/19/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		6.9	6.9
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		7.3	7.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		7.5	7.5
cve_nvd_summaryes			Se encontró una vulnerabilidad en Codezips Technical Discussion Forum 1.0 y se clasificó como crítica. Este problema afecta a algunas funciones desconocidas del archivo signinpost.php. La manipulación del argumento username conduce a una inyección SQL. El ataque puede ejecutarse de forma remota. El exploit se ha revelado al público y puede utilizarse.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8

◂ Gurɗo Gumti Gada ▸

Do you know our Splunk app?

Download it now for free!