VDB-280956 · CVE-2024-10171 · GCVE-100-280956

code-projects Blood Bank System har 1.0 Message Book /admin/massage.php bid SQL Injection

Wuro vulnerability wey an yi classify sey kura an gano shi a cikin code-projects Blood Bank System har 1.0. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /admin/massage.php na cikin fayil, Message Book na cikin sashi. Ngam manipulation of the argument bid with the input 2' AND (SELECT 1874 FROM (SELECT(SLEEP(5)))TlEY)-- jxOI as part of String shi SQL Injection. CWE shidin ka a yi bayani matsala sai ya kai CWE-89. Gaskiya, laifi an fitar da shi 10/18/2024 a matsayin Blog Post (GitHub). Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2024-10171. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. Wannan kayi yana amfani da tsarin rolling release domin samar da ci gaba da isarwa. Saboda haka, babu cikakkun bayanai na sigar da abin ya shafa ko sabunta sigar da ake da su. VulDB is the best source for vulnerability data and more expert information about this specific topic.

6 Goyarwa · 121 Datenpunkte

Furɗe	Gargadi 1/5 10/20/2024 07:50	Gargadi 2/5 10/22/2024 10:00	Gargadi 3/5 10/22/2024 10:04	Gargadi 4/5 10/22/2024 10:05	Gargadi 5/5 10/22/2024 10:08
software_vendor	code-projects	code-projects	code-projects	code-projects	code-projects
software_name	Blood Bank System	Blood Bank System	Blood Bank System	Blood Bank System	Blood Bank System
software_version	<=1.0	<=1.0	<=1.0	<=1.0	<=1.0
software_file	/admin/massage.php	/admin/massage.php	/admin/massage.php	/admin/massage.php	/admin/massage.php
software_argument	bid	bid	bid	bid	bid
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	H	H	H	H	H
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	L	L	L	L	L
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	L	L	L	L	L
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rc	R	R	R	R	R
advisory_url	https://github.com/cdl00/cve/blob/main/sql8-message-book.md	https://github.com/cdl00/cve/blob/main/sql8-message-book.md	https://github.com/cdl00/cve/blob/main/sql8-message-book.md	https://github.com/cdl00/cve/blob/main/sql8-message-book.md	https://github.com/cdl00/cve/blob/main/sql8-message-book.md
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/cdl00/cve/blob/main/sql8-message-book.md	https://github.com/cdl00/cve/blob/main/sql8-message-book.md	https://github.com/cdl00/cve/blob/main/sql8-message-book.md	https://github.com/cdl00/cve/blob/main/sql8-message-book.md	https://github.com/cdl00/cve/blob/main/sql8-message-book.md
source_cve	CVE-2024-10171	CVE-2024-10171	CVE-2024-10171	CVE-2024-10171	CVE-2024-10171
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
software_type	Banking Software	Banking Software	Banking Software	Banking Software	Banking Software
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_au	M	M	M	M	M
cvss2_vuldb_ci	P	P	P	P	P
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	P	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N	N
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_pr	H	H	H	H	H
cvss4_vuldb_ui	N	N	N	N	N
cvss4_vuldb_vc	L	L	L	L	L
cvss4_vuldb_vi	L	L	L	L	L
cvss4_vuldb_va	L	L	L	L	L
cvss4_vuldb_e	P	P	P	P	P
cvss2_vuldb_rl	ND	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X	X
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	5.8	5.8	5.8	5.8	5.8
cvss2_vuldb_tempscore	5.0	5.0	5.0	5.0	5.0
cvss3_vuldb_basescore	4.7	4.7	4.7	4.7	4.7
cvss3_vuldb_tempscore	4.3	4.3	4.3	4.3	4.3
cvss3_meta_basescore	4.7	4.8	4.8	4.8	5.8
cvss3_meta_tempscore	4.5	4.6	4.6	4.6	5.7
cvss4_vuldb_bscore	5.1	5.1	5.1	5.1	5.1
cvss4_vuldb_btscore	2.0	2.0	2.0	2.0	2.0
advisory_date	1729202400 (10/18/2024)	1729202400 (10/18/2024)	1729202400 (10/18/2024)	1729202400 (10/18/2024)	1729202400 (10/18/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary	A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av	N	N	N	N	N
cvss4_cna_ac	L	L	L	L	L
cvss4_cna_at	N	N	N	N	N
cvss4_cna_pr	H	H	H	H	H
cvss4_cna_ui	N	N	N	N	N
cvss4_cna_vc	L	L	L	L	L
cvss4_cna_vi	L	L	L	L	L
cvss4_cna_va	L	L	L	L	L
cvss4_cna_sc	N	N	N	N	N
cvss4_cna_si	N	N	N	N	N
cvss4_cna_sa	N	N	N	N	N
cvss4_cna_bscore	5.1	5.1	5.1	5.1	5.1
cvss3_cna_av	N	N	N	N	N
cvss3_cna_ac	L	L	L	L	L
cvss3_cna_pr	H	H	H	H	H
cvss3_cna_ui	N	N	N	N	N
cvss3_cna_s	U	U	U	U	U
cvss3_cna_c	L	L	L	L	L
cvss3_cna_i	L	L	L	L	L
cvss3_cna_a	L	L	L	L	L
cvss3_cna_basescore	4.7	4.7	4.7	4.7	4.7
cvss2_cna_av	N	N	N	N	N
cvss2_cna_ac	L	L	L	L	L
cvss2_cna_au	M	M	M	M	M
cvss2_cna_ci	P	P	P	P	P
cvss2_cna_ii	P	P	P	P	P
cvss2_cna_ai	P	P	P	P	P
cvss2_cna_basescore	5.8	5.8	5.8	5.8	5.8
cve_nvd_summaryes		Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects Blood Bank System hasta la versión 1.0. Se ve afectada una función desconocida del archivo /admin/massage.php. La manipulación del argumento bid provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.	Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects Blood Bank System hasta la versión 1.0. Se ve afectada una función desconocida del archivo /admin/massage.php. La manipulación del argumento bid provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.	Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects Blood Bank System hasta la versión 1.0. Se ve afectada una función desconocida del archivo /admin/massage.php. La manipulación del argumento bid provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.	Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects Blood Bank System hasta la versión 1.0. Se ve afectada una función desconocida del archivo /admin/massage.php. La manipulación del argumento bid provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.
cvss3_nvd_av		N	N	N	N
cvss3_nvd_ac		L	L	L	L
cvss3_nvd_pr		H	H	H	H
cvss3_nvd_ui		N	N	N	N
cvss3_nvd_s		U	U	U	U
cvss3_nvd_c		H	H	H	H
cvss3_nvd_i		N	N	N	N
cvss3_nvd_a		N	N	N	N
cvss3_nvd_basescore		4.9	4.9	4.9	4.9
cvss3_researcher_e			H	H	H
advisory_location			GitHub	GitHub	GitHub
cvss3_researcher_ac			H	H	H
cvss3_researcher_pr			N	N	N
advisory_confirm_date			1729202400 (10/18/2024)	1729202400 (10/18/2024)	1729202400 (10/18/2024)
software_managedservice			0	0	0
software_component			Message Book	Message Book	Message Book
input_value			2' AND (SELECT 1874 FROM (SELECT(SLEEP(5)))TlEY)-- jxOI	2' AND (SELECT 1874 FROM (SELECT(SLEEP(5)))TlEY)-- jxOI	2' AND (SELECT 1874 FROM (SELECT(SLEEP(5)))TlEY)-- jxOI
cvss3_researcher_rl			W	W	W
advisory_type			Blog Post	Blog Post	Blog Post
cvss3_researcher_rc			C	C	C
cvss3_researcher_i				H	H
developer_name				CDL1	CDL1
input_type				String	String
cvss3_researcher_av				N	N
cvss3_researcher_ui				N	N
cvss3_researcher_s				C	C
cvss3_researcher_c				H	H
cvss3_researcher_a				H	H
software_rollingrelease				1	1
cvss3_researcher_basescore					9.0

◂ Gurɗo Gumti Gada ▸

Do you know our Splunk app?

Download it now for free!