VDB-282929 · CVE-2024-10760 · GCVE-100-282929

code-projects University Event Management System 1.0 /dodelete.php ID SQL Injection

Hakika vulnerability da aka rarraba a matsayin kura an gano a code-projects University Event Management System 1.0. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /dodelete.php, a cikin sashi $software_component. Wuro manipulation of the argument ID ga SQL Injection. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-89. Lalle, rauni an sanar da shi 11/03/2024 da Blog Post. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2024-10760. Ngam yiɗi ka a tuma ndiyam ka nder internet. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

4 Goyarwa · 115 Datenpunkte

Furɗe	Súgá 11/03/2024 08:39	Gargadi 1/3 11/03/2024 18:28	Gargadi 2/3 11/03/2024 18:31	Gargadi 3/3 11/04/2024 07:40
software_vendor	code-projects	code-projects	code-projects	code-projects
software_name	University Event Management System	University Event Management System	University Event Management System	University Event Management System
software_version	1.0	1.0	1.0	1.0
software_file	/dodelete.php	/dodelete.php	/dodelete.php	/dodelete.php
software_argument	id	id	id	id
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/MurphyEutopia/cve/blob/main/sql15.md	https://github.com/MurphyEutopia/cve/blob/main/sql15.md	https://github.com/MurphyEutopia/cve/blob/main/sql15.md	https://github.com/MurphyEutopia/cve/blob/main/sql15.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/MurphyEutopia/cve/blob/main/sql15.md	https://github.com/MurphyEutopia/cve/blob/main/sql15.md	https://github.com/MurphyEutopia/cve/blob/main/sql15.md	https://github.com/MurphyEutopia/cve/blob/main/sql15.md
source_cve	CVE-2024-10760	CVE-2024-10760	CVE-2024-10760	CVE-2024-10760
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss3_meta_tempscore	5.7	5.7	7.1	6.8
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1730588400 (11/03/2024)	1730588400 (11/03/2024)	1730588400 (11/03/2024)	1730588400 (11/03/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
software_type	Project Management Software	Project Management Software	Project Management Software	Project Management Software
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	7.6	7.2
cvss3_researcher_av		N	N	N
cvss3_researcher_rc		C	C	C
cvss2_researcher_ac		L	L	L
cvss3_researcher_c		H	H	H
cvss2_researcher_av		N	N	N
cvss3_researcher_rl		W	W	W
cvss3_researcher_pr		N	N	N
cvss2_researcher_ci		C	C	C
cvss2_researcher_rl		W	W	W
cvss3_researcher_i		H	H	H
cvss2_researcher_ai		C	C	C
exploit_date		1730588400 (11/03/2024)	1730588400 (11/03/2024)	1730588400 (11/03/2024)
cvss3_researcher_ac		H	H	H
cvss2_researcher_au		N	N	N
cvss2_researcher_e		F	F	F
cvss3_researcher_a		H	H	H
cvss3_researcher_ui		N	N	N
developer_name		Murphy	Murphy	Murphy
vulnerability_historic		0	0	0
cvss2_researcher_ii		C	C	C
advisory_type		Blog Post	Blog Post	Blog Post
cvss3_researcher_s		C	C	C
cvss3_researcher_e		F	F	F
cvss2_researcher_rc		C	C	C
cvss2_researcher_basescore			10.0	10.0
cvss3_researcher_basescore			9.0	9.0
cve_nvd_summary				A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av				N
cvss4_cna_ac				L
cvss4_cna_at				N
cvss4_cna_pr				L
cvss4_cna_ui				N
cvss4_cna_vc				L
cvss4_cna_vi				L
cvss4_cna_va				L
cvss4_cna_sc				N
cvss4_cna_si				N
cvss4_cna_sa				N
cvss4_cna_bscore				5.3
cvss3_cna_av				N
cvss3_cna_ac				L
cvss3_cna_pr				L
cvss3_cna_ui				N
cvss3_cna_s				U
cvss3_cna_c				L
cvss3_cna_i				L
cvss3_cna_a				L
cvss3_cna_basescore				6.3
cvss2_cna_av				N
cvss2_cna_ac				L
cvss2_cna_au				S
cvss2_cna_ci				P
cvss2_cna_ii				P
cvss2_cna_ai				P
cvss2_cna_basescore				6.5

◂ Gurɗo Gumti Gada ▸

Do you need the next level of professionalism?

Upgrade your account now!