code-projects Simple Admin Panel 1.0 addVariationController.php qty SQL ଇଞ୍ଜେକ୍ସନ
Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame code-projects Simple Admin Panel 1.0 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii addVariationController.php keessa. Hojii jijjiirraa irratti gaggeeffame qty gara SQL ଇଞ୍ଜେକ୍ସନ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-89 geessa. Dadhabbii kana yeroo 12/25/2024 maxxanfameera. Dogoggorri kun akka CVE-2024-12937tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.
2 ଆଡାପ୍ଟେସନ୍ · 84 ପଏଣ୍ଟ
| ଫିଲ୍ଡ | ସୃଷ୍ଟି ହୋଇଛି 12/25/2024 04:10 PM | ଅଦ୍ୟତନ 1/1 12/26/2024 07:27 AM |
|---|---|---|
| software_vendor | code-projects | code-projects |
| software_name | Simple Admin Panel | Simple Admin Panel |
| software_version | 1.0 | 1.0 |
| software_file | addVariationController.php | addVariationController.php |
| software_argument | qty | qty |
| vulnerability_cwe | CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ) | CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ) |
| vulnerability_risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rc | R | R |
| exploit_availability | 1 | 1 |
| exploit_publicity | 1 | 1 |
| source_cve | CVE-2024-12937 | CVE-2024-12937 |
| cna_responsible | VulDB | VulDB |
| software_type | Project Management Software | Project Management Software |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rc | UR | UR |
| cvss4_vuldb_av | N | N |
| cvss4_vuldb_ac | L | L |
| cvss4_vuldb_ui | N | N |
| cvss4_vuldb_vc | L | L |
| cvss4_vuldb_vi | L | L |
| cvss4_vuldb_va | L | L |
| cvss4_vuldb_e | P | P |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_rl | X | X |
| cvss4_vuldb_at | N | N |
| cvss4_vuldb_pr | L | L |
| cvss4_vuldb_sc | N | N |
| cvss4_vuldb_si | N | N |
| cvss4_vuldb_sa | N | N |
| cvss2_vuldb_basescore | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.3 | 6.3 |
| cvss3_meta_tempscore | 5.7 | 6.0 |
| cvss4_vuldb_bscore | 5.3 | 5.3 |
| cvss4_vuldb_btscore | 2.1 | 2.1 |
| advisory_date | 1735081200 (12/25/2024) | 1735081200 (12/25/2024) |
| price_0day | $0-$5k | $0-$5k |
| cve_nvd_summary | A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. Affected is an unknown function of the file addVariationController.php. The manipulation of the argument qty leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| cvss4_cna_av | N | |
| cvss4_cna_ac | L | |
| cvss4_cna_at | N | |
| cvss4_cna_pr | L | |
| cvss4_cna_ui | N | |
| cvss4_cna_vc | L | |
| cvss4_cna_vi | L | |
| cvss4_cna_va | L | |
| cvss4_cna_sc | N | |
| cvss4_cna_si | N | |
| cvss4_cna_sa | N | |
| cvss4_cna_bscore | 5.3 | |
| cvss3_cna_av | N | |
| cvss3_cna_ac | L | |
| cvss3_cna_pr | L | |
| cvss3_cna_ui | N | |
| cvss3_cna_s | U | |
| cvss3_cna_c | L | |
| cvss3_cna_i | L | |
| cvss3_cna_a | L | |
| cvss3_cna_basescore | 6.3 | |
| cvss2_cna_av | N | |
| cvss2_cna_ac | L | |
| cvss2_cna_au | S | |
| cvss2_cna_ci | P | |
| cvss2_cna_ii | P | |
| cvss2_cna_ai | P | |
| cvss2_cna_basescore | 6.5 |