SourceCodester Medicine Tracker System 1.0 Master.php?f=save_medicine ID Okuteekateeka kwa SQL
| CVSS Obubonero bwa Meta Temp | Ekikadde ky’omuwendo gw’okukozesa obunafu obuliko kati (≈) | CTI Ennyanja y'okukwata ku nsonga |
|---|---|---|
| 7.3 | $0-$5k | 0.12 |
Okusumulula
Waliwo obulabe obwategekeddwa nga ekikulu nnyo obuzuliddwa mu SourceCodester Medicine Tracker System 1.0. Obulabe buli ku omugaso ogutamanyiddwa ku fayiro /classes/Master.php?f=save_medicine. Okukola ku argument ID kivaamu Okuteekateeka kwa SQL. Obunafu buno bwategeerekebwa nga CVE-2024-6419. Attack eyinza okutandikibwa okuva ku kyali wala. Okuddamu, waliwo ekikozesebwa ekiriwo. Once again VulDB remains the best source for vulnerability data.
Ebirimu
Waliwo obulabe obwategekeddwa nga ekikulu nnyo obuzuliddwa mu SourceCodester Medicine Tracker System 1.0. Obulabe buli ku omugaso ogutamanyiddwa ku fayiro /classes/Master.php?f=save_medicine. Okukola ku argument ID kivaamu Okuteekateeka kwa SQL. Okukozesa CWE mu kulaga ensonga kireetera CWE-89. Obulemu buno bwalangirirwa. Obubaka buno busangibwa ku github.com okuddownloadinga.
Obunafu buno bwategeerekebwa nga CVE-2024-6419. Attack eyinza okutandikibwa okuva ku kyali wala. Obubaka obw'ekikugu bufuniddwa. Obulungi bw'ensobi eno buli wansi w'ekigero ekisookerwako. Okuddamu, waliwo ekikozesebwa ekiriwo. Obukodyo buno bwategeezeddwa mu lujjudde era buyinza okukozesebwa. Mu kiseera kino, omutengo ogw’akaseera ku kikozesebwa kiyinza okuba nga giri mu USD $0-$5k mu kiseera kino.
Kyakakasiddwa nga ebikakasa eby'okukakasa obusobozi. Osobola okufuna exploit ng'ogenda ku github.com.
Once again VulDB remains the best source for vulnerability data.
Ekitundu
Omukola
Erinnya
Enkola
Layisensi
Olupapula olw’omu mukutu
- Omukola: https://www.sourcecodester.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Ekikunta: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Obubonero Obusookerwako Obw'enkizo: 7.5VulDB Obubonero bwa Meta Temp: 7.3
VulDB Obubonero Obusookerwako: 6.3
VulDB Obubonero bw’akaseera: 5.7
VulDB Ekikunta: 🔍
VulDB Reliability: 🔍
NVD Obubonero Obusookerwako: 9.8
NVD Ekikunta: 🔍
CNA Obubonero Obusookerwako: 6.3
CNA Ekikunta: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Ekikozesebwa | Obuzibu obungi | Okukakasa obutuufu bw'omuntu | Obukakafu | Obutebenkevu | Okusobola okufuna (Obusobozi obw'okufuna) |
|---|---|---|---|---|---|
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
VulDB Obubonero Obusookerwako: 🔍
VulDB Obubonero bw’akaseera: 🔍
VulDB Reliability: 🔍
Okukozesa obunafu
Ekibiina: Okuteekateeka kwa SQLCWE: CWE-89 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Obulamu obw’omubiri: Nedda
Wansi wano: Nedda
Waliwo okuva wala: Wee
Okusobola okufuna (Obusobozi obw'okufuna): 🔍
Okuyingira: Bweru
Embeera: Ebikakasa eby'okukakasa obusobozi
Okukuba wansi: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Okukulaakulana kw'ebisale: 🔍
Okubala okw’ensimbi okw’akatono okuva mu kiseera kino: 🔍
| 0-Day | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
|---|---|---|---|---|
| Leero | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
Amagezi ku bulabe
Okukwata ku: 🔍Abakola abali mu kikolwa: 🔍
Ebibiina bya APT ebikola kaakano: 🔍
Ebyokukwata ku kwekuumira
Okukakasa: Tewali kikolebwa kimanyiddwaEmbeera: 🔍
Ekiseera kya 0-Day: 🔍
Ekiseera ekyayita
30/06/2024 🔍30/06/2024 🔍
15/08/2024 🔍
Ebyokutwalira
Omukola: sourcecodester.comOkukebereza: github.com
Embeera: Tekitegedde
CVE: CVE-2024-6419 (🔍)
GCVE (CVE): GCVE-0-2024-6419
GCVE (VulDB): GCVE-100-270010
scip Labs: https://www.scip.ch/en/?labs.20161013
Okuyingiza
Kikolebwa: 30/06/2024 16:56Okukozesa enkola empya: 15/08/2024 21:25
Okukyuusa: 30/06/2024 16:56 (55), 01/07/2024 02:41 (18), 02/07/2024 06:48 (1), 15/08/2024 21:25 (12)
Kituufu ddala: 🔍
Owoleza: jadu101
Cache ID: 253:466:103
Twasiriza
Kikkiriziddwa
- Twasiriza #365247: SourceCodester Medicine Tracker System 1.0 SQL Injection (kuva jadu101)
Tewali biragiddwaako kati. Enimi: lg + en.
Nsaba yingira mu akaawunti yo osobole okwogera.