code-projects Simple Admin Panel 1.0 updateItemController.php p_desk SQL Injection
Wuro vulnerability wey an yi classify sey kura an gano shi a cikin code-projects Simple Admin Panel 1.0. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, updateItemController.php na cikin fayil, $software_component na cikin sashi. Ngam manipulation of the argument p_desk shi SQL Injection. CWE shidin ka a yi bayani matsala sai ya kai CWE-89. Gaskiya, laifi an fitar da shi 12/25/2024. Wannan rauni ana sayar da shi da suna CVE-2024-12934. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro huɗɗi-na-gaskiya. Kama 0-day, an ndiyam a wuro be $0-$5k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
2 Goyarwa · 84 Datenpunkte
| Furɗe | Súgá 12/25/2024 16:09 | Gargadi 1/1 12/26/2024 05:31 |
|---|---|---|
| cvss2_vuldb_basescore | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.3 | 6.3 |
| cvss3_meta_tempscore | 5.7 | 6.0 |
| cvss4_vuldb_bscore | 5.3 | 5.3 |
| cvss4_vuldb_btscore | 2.1 | 2.1 |
| advisory_date | 1735081200 (12/25/2024) | 1735081200 (12/25/2024) |
| price_0day | $0-$5k | $0-$5k |
| software_vendor | code-projects | code-projects |
| software_name | Simple Admin Panel | Simple Admin Panel |
| software_version | 1.0 | 1.0 |
| software_file | updateItemController.php | updateItemController.php |
| software_argument | p_desk | p_desk |
| vulnerability_cwe | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) |
| vulnerability_risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rc | R | R |
| exploit_availability | 1 | 1 |
| exploit_publicity | 1 | 1 |
| source_cve | CVE-2024-12934 | CVE-2024-12934 |
| cna_responsible | VulDB | VulDB |
| software_type | Project Management Software | Project Management Software |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rc | UR | UR |
| cvss4_vuldb_av | N | N |
| cvss4_vuldb_ac | L | L |
| cvss4_vuldb_ui | N | N |
| cvss4_vuldb_vc | L | L |
| cvss4_vuldb_vi | L | L |
| cvss4_vuldb_va | L | L |
| cvss4_vuldb_e | P | P |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_rl | X | X |
| cvss4_vuldb_at | N | N |
| cvss4_vuldb_pr | L | L |
| cvss4_vuldb_sc | N | N |
| cvss4_vuldb_si | N | N |
| cvss4_vuldb_sa | N | N |
| cve_nvd_summary | A vulnerability classified as critical has been found in code-projects Simple Admin Panel 1.0. This affects an unknown part of the file updateItemController.php. The manipulation of the argument p_desk leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| cvss4_cna_av | N | |
| cvss4_cna_ac | L | |
| cvss4_cna_at | N | |
| cvss4_cna_pr | L | |
| cvss4_cna_ui | N | |
| cvss4_cna_vc | L | |
| cvss4_cna_vi | L | |
| cvss4_cna_va | L | |
| cvss4_cna_sc | N | |
| cvss4_cna_si | N | |
| cvss4_cna_sa | N | |
| cvss4_cna_bscore | 5.3 | |
| cvss3_cna_av | N | |
| cvss3_cna_ac | L | |
| cvss3_cna_pr | L | |
| cvss3_cna_ui | N | |
| cvss3_cna_s | U | |
| cvss3_cna_c | L | |
| cvss3_cna_i | L | |
| cvss3_cna_a | L | |
| cvss3_cna_basescore | 6.3 | |
| cvss2_cna_av | N | |
| cvss2_cna_ac | L | |
| cvss2_cna_au | S | |
| cvss2_cna_ci | P | |
| cvss2_cna_ii | P | |
| cvss2_cna_ai | P | |
| cvss2_cna_basescore | 6.5 |