VDB-249005 · CVE-2023-7110 · GCVE-100-249005

code-projects Library Management System 2.0 login.php student SQL ଇଞ୍ଜେକ୍ସନ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu code-projects Library Management System 2.0 keessatti argameera. Miidhamni argame is hojii hin beekamne faayilii login.php keessa. Wanti jijjiirame irratti student gara SQL ଇଞ୍ଜେକ୍ସନ geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-89 si geessa. Odeeffannoon kun yeroo 12/25/2023 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti argama. Dogoggorri kun CVE-2023-7110 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Waan dabalataa ta’een, meeshaa balaa kana fayyadamuuf ni jira. Qorannoo miidhaa (exploit) uummataaf ifa taasifameera, kanaafis fayyadamuu ni danda'ama. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ ta’uu isaa ibsameera. Exploit github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 ଆଡାପ୍ଟେସନ୍ · 87 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/25/2023 03:21 PM	ଅଦ୍ୟତନ 1/2 01/19/2024 09:09 AM	ଅଦ୍ୟତନ 2/2 12/06/2024 08:34 PM
software_vendor	code-projects	code-projects	code-projects
software_name	Library Management System	Library Management System	Library Management System
software_version	2.0	2.0	2.0
software_file	login.php	login.php	login.php
software_argument	student	student	student
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-2.md	https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-2.md	https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-2.md
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-2.md	https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-2.md	https://github.com/h4md153v63n/CVEs/blob/main/Library-Management-System/Library-Management-System_SQL_Injection-2.md
source_cve	CVE-2023-7110	CVE-2023-7110	CVE-2023-7110
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1703458800 (12/25/2023)	1703458800 (12/25/2023)	1703458800 (12/25/2023)
software_type	Library Management System Software	Library Management System Software	Library Management System Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	8.1
cvss3_meta_tempscore	6.6	6.6	7.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1703458800 (12/25/2023)	1703458800 (12/25/2023)
cve_nvd_summary		A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249005 was assigned to this vulnerability.	A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249005 was assigned to this vulnerability.
cve_nvd_summaryes			Una vulnerabilidad clasificada como crítica fue encontrada en code-projects Library Management System 2.0. Este problema afecta un procesamiento desconocido del archivo login.php. La manipulación del argumento estudiante conduce a la inyección SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-249005.
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cvss3_cna_basescore			7.3
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8
cvss2_cna_av			N
cvss2_cna_ac			L
cvss2_cna_au			N
cvss2_cna_ci			P
cvss2_cna_ii			P
cvss2_cna_ai			P
cvss2_cna_basescore			7.5
cvss4_vuldb_av			N
cvss4_vuldb_ac			L
cvss4_vuldb_pr			N
cvss4_vuldb_ui			N
cvss4_vuldb_vc			L
cvss4_vuldb_vi			L
cvss4_vuldb_va			L
cvss4_vuldb_e			P
cvss4_vuldb_at			N
cvss4_vuldb_sc			N
cvss4_vuldb_si			N
cvss4_vuldb_sa			N
cvss4_vuldb_bscore			6.9
cvss4_vuldb_btscore			5.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!