VDB-268140 · CVE-2024-5896 · GCVE-100-268140

SourceCodester Employee and Visitor Gate Pass Logging System 1.0 Users.php?f=save save_users ID SQL ଇଞ୍ଜେକ୍ସନ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame SourceCodester Employee and Visitor Gate Pass Logging System 1.0 keessatti argameera. Kan miidhamte is hojii save_users faayilii /classes/Users.php?f=save keessa. Hojii jijjiirraa irratti gaggeeffame ID gara SQL ଇଞ୍ଜେକ୍ସନ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-89 geessa. Dadhabbii kana yeroo 06/12/2024 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2024-5896tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.

6 ଆଡାପ୍ଟେସନ୍ · 114 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ଅଦ୍ୟତନ 1/5 06/12/2024 11:54 AM	ଅଦ୍ୟତନ 2/5 06/12/2024 11:57 AM	ଅଦ୍ୟତନ 3/5 06/12/2024 01:23 PM	ଅଦ୍ୟତନ 4/5 06/13/2024 08:31 PM	ଅଦ୍ୟତନ 5/5 08/23/2024 06:48 PM
software_vendor	SourceCodester	SourceCodester	SourceCodester	SourceCodester	SourceCodester
software_name	Employee and Visitor Gate Pass Logging System	Employee and Visitor Gate Pass Logging System	Employee and Visitor Gate Pass Logging System	Employee and Visitor Gate Pass Logging System	Employee and Visitor Gate Pass Logging System
software_version	1.0	1.0	1.0	1.0	1.0
software_file	/classes/Users.php?f=save	/classes/Users.php?f=save	/classes/Users.php?f=save	/classes/Users.php?f=save	/classes/Users.php?f=save
software_function	save_users	save_users	save_users	save_users	save_users
software_argument	id	id	id	id	id
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	L	L	L	L	L
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	L	L	L	L	L
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rc	R	R	R	R	R
advisory_url	https://github.com/Hefei-Coffee/cve/blob/main/sql12.md	https://github.com/Hefei-Coffee/cve/blob/main/sql12.md	https://github.com/Hefei-Coffee/cve/blob/main/sql12.md	https://github.com/Hefei-Coffee/cve/blob/main/sql12.md	https://github.com/Hefei-Coffee/cve/blob/main/sql12.md
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/Hefei-Coffee/cve/blob/main/sql12.md	https://github.com/Hefei-Coffee/cve/blob/main/sql12.md	https://github.com/Hefei-Coffee/cve/blob/main/sql12.md	https://github.com/Hefei-Coffee/cve/blob/main/sql12.md	https://github.com/Hefei-Coffee/cve/blob/main/sql12.md
source_cve	CVE-2024-5896	CVE-2024-5896	CVE-2024-5896	CVE-2024-5896	CVE-2024-5896
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
advisory_date	1718143200 (06/12/2024)	1718143200 (06/12/2024)	1718143200 (06/12/2024)	1718143200 (06/12/2024)	1718143200 (06/12/2024)
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_ci	P	P	P	P	P
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	P	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N	N
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_ui	N	N	N	N	N
cvss4_vuldb_vc	L	L	L	L	L
cvss4_vuldb_vi	L	L	L	L	L
cvss4_vuldb_va	L	L	L	L	L
cvss4_vuldb_e	P	P	P	P	P
cvss2_vuldb_au	S	S	N	N	N
cvss2_vuldb_rl	ND	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	N	N	N
cvss3_vuldb_rl	X	X	X	X	X
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_pr	L	L	N	N	N
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	7.5	7.5	7.5
cvss2_vuldb_tempscore	5.6	5.6	6.4	6.4	6.4
cvss3_vuldb_basescore	6.3	6.3	7.3	7.3	7.3
cvss3_vuldb_tempscore	5.7	5.7	6.6	6.6	6.6
cvss3_meta_basescore	6.3	7.6	8.1	7.9	8.3
cvss3_meta_tempscore	5.7	7.2	7.6	7.5	8.1
cvss4_vuldb_bscore	5.3	5.3	6.9	6.9	6.9
cvss4_vuldb_btscore	2.1	2.1	5.5	5.5	5.5
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cvss3_researcher_s	C	C	C	C	C
cvss3_researcher_ac	H	H	H	H	H
cvss3_researcher_pr	N	N	N	N	N
cvss3_researcher_ui	N	N	N	N	N
cvss3_researcher_i	H	H	H	H	H
cvss3_researcher_a	H	H	H	H	H
cvss3_researcher_e	X	X	X	X	X
cvss3_researcher_rc	R	R	R	R	R
cvss3_researcher_c	H	H	H	H	H
cvss3_researcher_av	N	N	N	N	N
cvss3_researcher_rl	X	X	X	X	X
cvss3_researcher_basescore		9.0	9.0	9.0	9.0
cve_nvd_summary				A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268140.	A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268140.
cve_nvd_summaryes				Una vulnerabilidad fue encontrada en SourceCodester Employee and Visitor Gate Pass Logging System 1.0 y clasificada como crítica. La función save_users del fichero /classes/Users.php?f=save es afectada por la vulnerabilidad. La manipulación del argumento id conduce a la inyección de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-268140.	Una vulnerabilidad fue encontrada en SourceCodester Employee and Visitor Gate Pass Logging System 1.0 y clasificada como crítica. La función save_users del fichero /classes/Users.php?f=save es afectada por la vulnerabilidad. La manipulación del argumento id conduce a la inyección de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-268140.
cvss3_cna_av				N	N
cvss3_cna_ac				L	L
cvss3_cna_pr				N	N
cvss3_cna_ui				N	N
cvss3_cna_s				U	U
cvss3_cna_c				L	L
cvss3_cna_i				L	L
cvss3_cna_a				L	L
cvss3_cna_basescore				7.3	7.3
cvss2_cna_av				N	N
cvss2_cna_ac				L	L
cvss2_cna_au				N	N
cvss2_cna_ci				P	P
cvss2_cna_ii				P	P
cvss2_cna_ai				P	P
cvss2_cna_basescore				7.5	7.5
cvss3_nvd_av					N
cvss3_nvd_ac					L
cvss3_nvd_pr					N
cvss3_nvd_ui					N
cvss3_nvd_s					U
cvss3_nvd_c					H
cvss3_nvd_i					H
cvss3_nvd_a					H
cvss3_nvd_basescore					9.8

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!