VDB-289303 · CVE-2024-12943 · GCVE-100-289303

CodeAstro House Rental Management System 1.0 /ownersignup.php f/e/p/m/o/n/c/s/ci/a Suntikan SQL

Satu kelemahan keselamatan jenis kritikal telah dikenal pasti dalam CodeAstro House Rental Management System 1.0. Perkara yang terjejas ialah fungsi yang tidak diketahui pada fail /ownersignup.php. Perubahan ini pada parameter f/e/p/m/o/n/c/s/ci/a mengakibatkan Suntikan SQL. Menggunakan CWE untuk menyatakan masalah membawa kepada CWE-89. Kelemahan telah diterbitkan pada 25/12/2024. Nasihat telah dikongsi untuk dimuat turun di github.com. Celah keselamatan ini dikenali sebagai CVE-2024-12943. Adalah mungkin untuk melancarkan serangan dari jauh. Maklumat teknikal boleh didapati. Tambahan pula, eksploit telah tersedia. Eksploitasi telah didedahkan kepada awam dan boleh digunakan. Pada ketika ini, harga exploit dianggarkan kira-kira USD $0-$5k. Projek MITRE ATT&CK mengisytiharkan teknik serangan sebagai T1505. Ia ditetapkan sebagai bukti konsep. Eksploit ini dikongsi untuk dimuat turun di github.com. Harga anggaran di pasaran gelap untuk 0-day adalah kira-kira $0-$5k. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

3 Perubahan · 87 Titik data

Medan	Dibuat 25/12/2024 05:25 PM	Dikemas kini 1/2 26/12/2024 10:25 AM	Dikemas kini 2/2 27/12/2024 09:49 PM
software_vendor	CodeAstro	CodeAstro	CodeAstro
software_name	House Rental Management System	House Rental Management System	House Rental Management System
software_version	1.0	1.0	1.0
software_file	/ownersignup.php	/ownersignup.php	/ownersignup.php
software_argument	f/e/p/m/o/n/c/s/ci/a	f/e/p/m/o/n/c/s/ci/a	f/e/p/m/o/n/c/s/ci/a
vulnerability_cwe	CWE-89 (Suntikan SQL)	CWE-89 (Suntikan SQL)	CWE-89 (Suntikan SQL)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/Wind-liberty/CVE/issues/1	https://github.com/Wind-liberty/CVE/issues/1	https://github.com/Wind-liberty/CVE/issues/1
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/Wind-liberty/CVE/issues/1	https://github.com/Wind-liberty/CVE/issues/1	https://github.com/Wind-liberty/CVE/issues/1
source_cve	CVE-2024-12943	CVE-2024-12943	CVE-2024-12943
cna_responsible	VulDB	VulDB	VulDB
decision_summary	The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.	The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.	The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	7.3
cvss3_meta_tempscore	6.6	6.9	6.9
cvss4_vuldb_bscore	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5
advisory_date	1735081200 (25/12/2024)	1735081200 (25/12/2024)	1735081200 (25/12/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/o/n/c/s/ci/a leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.	A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/o/n/c/s/ci/a leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		6.9	6.9
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		7.3	7.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		7.5	7.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad en CodeAstro House Rental Management System 1.0. Se ha declarado como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /ownersignup.php. La manipulación del argumento f/e/p/m/o/n/c/s/ci/a provoca una inyección SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse. El aviso inicial para investigadores solo menciona el parámetro "m" que se verá afectado, pero se debe suponer que también se verán afectados muchos otros parámetros.

◂ Sebelum Gambaran Seterusnya ▸

Do you need the next level of professionalism?

Upgrade your account now!