VDB-289279 · CVE-2024-12926 · GCVE-100-289279

Codezips Project Management System 1.0 advanced.php Sunu SQL Injection

Gaskiya vulnerability da aka ware a matsayin kura an samu a Codezips Project Management System 1.0. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /pages/forms/advanced.php, a cikin sashen $software_component. A sa manipulation of the argument Sunu ka SQL Injection. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-89. Hakika, rauni an bayyana shi 12/25/2024. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2024-12926. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

3 Goyarwa · 88 Datenpunkte

Furɗe	Súgá 12/25/2024 15:51	Gargadi 1/2 12/25/2024 21:26	Gargadi 2/2 12/27/2024 21:49
software_vendor	Codezips	Codezips	Codezips
software_name	Project Management System	Project Management System	Project Management System
software_version	1.0	1.0	1.0
software_file	/pages/forms/advanced.php	/pages/forms/advanced.php	/pages/forms/advanced.php
software_argument	name	name	name
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/dawatermelon/CVE/blob/main/CodeZips%20Project%20Management%20System/README.md	https://github.com/dawatermelon/CVE/blob/main/CodeZips%20Project%20Management%20System/README.md	https://github.com/dawatermelon/CVE/blob/main/CodeZips%20Project%20Management%20System/README.md
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/dawatermelon/CVE/blob/main/CodeZips%20Project%20Management%20System/README.md	https://github.com/dawatermelon/CVE/blob/main/CodeZips%20Project%20Management%20System/README.md	https://github.com/dawatermelon/CVE/blob/main/CodeZips%20Project%20Management%20System/README.md
source_cve	CVE-2024-12926	CVE-2024-12926	CVE-2024-12926
cna_responsible	VulDB	VulDB	VulDB
decision_summary	Other parameters might be affected as well.	Other parameters might be affected as well.	Other parameters might be affected as well.
software_type	Project Management Software	Project Management Software	Project Management Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3
cvss3_meta_tempscore	5.7	6.0	6.0
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1735081200 (12/25/2024)	1735081200 (12/25/2024)	1735081200 (12/25/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.	A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.3	5.3
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
cve_nvd_summaryes			Una vulnerabilidad fue encontrada en Codezips Project Management System 1.0 y clasificada como crítica. Una función desconocida del archivo /pages/forms/advanced.php es afectada por esta vulnerabilidad. La manipulación del nombre del argumento conduce a la inyección de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. Otros parámetros también podrían verse afectados.

◂ Gurɗo Gumti Gada ▸

Might our Artificial Intelligence support you?

Check our Alexa App!