VDB-289303 · CVE-2024-12943 · GCVE-100-289303

CodeAstro House Rental Management System 1.0 /ownersignup.php f/e/p/m/o/n/c/s/ci/a Okuteekateeka kwa SQL

Waliwo obulabe obwategekeddwa nga ekikulu nnyo obuzuliddwa mu CodeAstro House Rental Management System 1.0. Obulabe buli ku omugaso ogutamanyiddwa ku fayiro /ownersignup.php. Okukyuusa mu lugero f/e/p/m/o/n/c/s/ci/a kireeta Okuteekateeka kwa SQL. Okulambika ekizibu nga ukozesa CWE kivaako CWE-89. Ekizibu kino kyayisibwa ku 25/12/2024. Ekiteeso kino kyawandiikiddwa era kisobola okuddownloadinga ku github.com. Obunafu buno bweyitibwa CVE-2024-12943. Waliwo obusobozi okutandika attack nga oli wala. Ebisingawo ku by'ekikugu biriwo. Okuddamu, waliwo ekikozesebwa ekiriwo. Ekikozesebwa kyategeezeddwa abantu bonna era kisobola okukozesebwa. Mu kiseera kino, omutengo ogw’akaseera ku kikozesebwa kiyinza okuba nga giri mu USD $0-$5k mu kiseera kino. Kiwandiikiddwa nga ebikakasa eby'okukakasa obusobozi. Waliwo omukisa ogusobola okukozesebwa okuddownloadinga exploit ku github.com. Mu mbeera ya 0-day, omuwendo ogwabalirirwako mu kifo ky’obutali mu mateeka gwali wa $0-$5k. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

3 Okukyuusa · 87 Obubonero bw'ebikwata ku byuma

Ekibanja	Kikolebwa 25/12/2024 17:25	Okukozesa enkola empya 1/2 26/12/2024 10:25	Okukozesa enkola empya 2/2 27/12/2024 21:49
software_vendor	CodeAstro	CodeAstro	CodeAstro
software_name	House Rental Management System	House Rental Management System	House Rental Management System
software_version	1.0	1.0	1.0
software_file	/ownersignup.php	/ownersignup.php	/ownersignup.php
software_argument	f/e/p/m/o/n/c/s/ci/a	f/e/p/m/o/n/c/s/ci/a	f/e/p/m/o/n/c/s/ci/a
vulnerability_cwe	CWE-89 (Okuteekateeka kwa SQL)	CWE-89 (Okuteekateeka kwa SQL)	CWE-89 (Okuteekateeka kwa SQL)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/Wind-liberty/CVE/issues/1	https://github.com/Wind-liberty/CVE/issues/1	https://github.com/Wind-liberty/CVE/issues/1
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/Wind-liberty/CVE/issues/1	https://github.com/Wind-liberty/CVE/issues/1	https://github.com/Wind-liberty/CVE/issues/1
source_cve	CVE-2024-12943	CVE-2024-12943	CVE-2024-12943
cna_responsible	VulDB	VulDB	VulDB
decision_summary	The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.	The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.	The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	7.3
cvss3_meta_tempscore	6.6	6.9	6.9
cvss4_vuldb_bscore	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5
advisory_date	1735081200 (25/12/2024)	1735081200 (25/12/2024)	1735081200 (25/12/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/o/n/c/s/ci/a leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.	A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/o/n/c/s/ci/a leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		6.9	6.9
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		7.3	7.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		7.5	7.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad en CodeAstro House Rental Management System 1.0. Se ha declarado como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /ownersignup.php. La manipulación del argumento f/e/p/m/o/n/c/s/ci/a provoca una inyección SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse. El aviso inicial para investigadores solo menciona el parámetro "m" que se verá afectado, pero se debe suponer que también se verán afectados muchos otros parámetros.

◂ Ddaabayo Okusaba Kw'ebintu Byonna Genda mu maaso ▸

Do you know our Splunk app?

Download it now for free!