code-projects Pharmacy Management System 1.0 /add_new_supplier.php Sunu SQL Injection

Gaskiya vulnerability da aka ware a matsayin kura an samu a code-projects Pharmacy Management System 1.0. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /add_new_supplier.php, a cikin sashen $software_component. A sa manipulation of the argument Sunu ka SQL Injection. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-89. Hakika, rauni an bayyana shi 10/18/2024. An raba bayanin tsaro don saukewa a gist.github.com. Wannan matsala ana saninta da CVE-2024-10139. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga gist.github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

2 Goyarwa · 86 Datenpunkte

FurɗeSúgá
10/18/2024 18:26		Gargadi 1/1
10/19/2024 16:45
software_vendorcode-projectscode-projects
software_namePharmacy Management SystemPharmacy Management System
software_version1.01.0
software_file/add_new_supplier.php/add_new_supplier.php
software_argumentnamename
vulnerability_cweCWE-89 (SQL Injection)CWE-89 (SQL Injection)
vulnerability_risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_ePP
cvss3_vuldb_rcRR
advisory_urlhttps://gist.github.com/higordiego/155be99b5314d97b276a7b30b9e6dec0https://gist.github.com/higordiego/155be99b5314d97b276a7b30b9e6dec0
exploit_availability11
exploit_publicity11
exploit_urlhttps://gist.github.com/higordiego/155be99b5314d97b276a7b30b9e6dec0https://gist.github.com/higordiego/155be99b5314d97b276a7b30b9e6dec0
source_cveCVE-2024-10139CVE-2024-10139
cna_responsibleVulDBVulDB
software_typeProject Management SoftwareProject Management Software
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rcURUR
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_uiNN
cvss4_vuldb_vcLL
cvss4_vuldb_viLL
cvss4_vuldb_vaLL
cvss4_vuldb_ePP
cvss2_vuldb_auSS
cvss2_vuldb_rlNDND
cvss3_vuldb_prLL
cvss3_vuldb_rlXX
cvss4_vuldb_atNN
cvss4_vuldb_prLL
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss2_vuldb_basescore6.56.5
cvss2_vuldb_tempscore5.65.6
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore5.75.7
cvss3_meta_basescore6.36.3
cvss3_meta_tempscore5.76.0
cvss4_vuldb_bscore5.35.3
cvss4_vuldb_btscore2.12.1
advisory_date1729202400 (10/18/2024)1729202400 (10/18/2024)
price_0day$0-$5k$0-$5k
cve_nvd_summaryA vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viL
cvss4_cna_vaL
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore5.3
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cvss3_cna_basescore6.3
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciP
cvss2_cna_iiP
cvss2_cna_aiP
cvss2_cna_basescore6.5

GurɗoGumtiGada

Do you know our Splunk app?

Download it now for free!