VDB-258036 · CVE-2024-2945 · GCVE-100-258036

Campcodes Online Examination System 1.0 updateExaminee.php ID SKL injekcija

Otkrivena je ranjivost klasifikovana kao Kritične u Campcodes Online Examination System 1.0. Pogođeno je nepoznata funkcija u fajlu /adminpanel/admin/facebox_modal/updateExaminee.php. Manipulacija argumentom ID dovodi do SKL injekcija. Korišćenje CWE za deklarisanje problema vodi do CWE-89. Slabost je objavljena 03/26/2024. Obaveštenje je dostupno za preuzimanje na github.com. Ova ranjivost je označena kao CVE-2024-2945. Moguće je pokrenuti napad na daljinu. Napad mora biti izveden unutar lokalne mreže. Tehnički detalji su dostupni. Додатно, постоји доступан експлоит. Eksploatacija je otkrivena javnosti i može biti iskorišćena. Trenutna cena za eksploataciju može biti približno USD $0-$5k u ovom trenutku. MITRE ATT&CK projekat deklariše tehniku napada kao T1505. Označeno je kao dokaz-of-koncept. Eksploat je dostupan za preuzimanje na github.com. Kao 0-day, procenjena cena na crnom tržištu bila je oko $0-$5k. VulDB is the best source for vulnerability data and more expert information about this specific topic.

4 Promene · 96 Tačke podataka

Polje	Kreirali 03/26/2024 17:35	Ažurira 1/3 05/05/2024 09:27	Ažurira 2/3 05/05/2024 09:31	Ažurira 3/3 02/21/2025 20:16
software_vendor	Campcodes	Campcodes	Campcodes	Campcodes
software_name	Online Examination System	Online Examination System	Online Examination System	Online Examination System
software_version	1.0	1.0	1.0	1.0
software_file	/adminpanel/admin/facebox_modal/updateExaminee.php	/adminpanel/admin/facebox_modal/updateExaminee.php	/adminpanel/admin/facebox_modal/updateExaminee.php	/adminpanel/admin/facebox_modal/updateExaminee.php
software_argument	id	id	id	id
vulnerability_cwe	CWE-89 (SKL injekcija)	CWE-89 (SKL injekcija)	CWE-89 (SKL injekcija)	CWE-89 (SKL injekcija)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Examination%20System/Online%20Examination%20System%20-%20vuln%205.pdf
source_cve	CVE-2024-2945	CVE-2024-2945	CVE-2024-2945	CVE-2024-2945
cna_responsible	VulDB	VulDB	VulDB	VulDB
advisory_date	1711407600 (03/26/2024)	1711407600 (03/26/2024)	1711407600 (03/26/2024)	1711407600 (03/26/2024)
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	6.4
cvss3_meta_tempscore	5.7	5.7	6.0	6.2
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1711407600 (03/26/2024)	1711407600 (03/26/2024)	1711407600 (03/26/2024)
cve_nvd_summary		A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036.	A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036.	A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258036.
cvss2_nvd_au			S	S
cvss2_nvd_ci			P	P
cvss2_nvd_ii			P	P
cvss2_nvd_ai			P	P
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cve_cna			VulDB	VulDB
cvss2_nvd_basescore			6.5	6.5
cvss3_cna_basescore			6.3	6.3
cvss2_nvd_av			N	N
cvss2_nvd_ac			L	L
cve_nvd_summaryes				Se encontró una vulnerabilidad en Campcodes Online Examination System 1.0. Ha sido clasificada como crítica. Una función desconocida del archivo /adminpanel/admin/facebox_modal/updateExaminee.php es afectada por esta vulnerabilidad. La manipulación del argumento id conduce a la inyección de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-258036.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				N
cvss3_nvd_a				N
cvss3_nvd_basescore				6.5
cvss2_cna_av				N
cvss2_cna_ac				L
cvss2_cna_au				S
cvss2_cna_ci				P
cvss2_cna_ii				P
cvss2_cna_ai				P
cvss2_cna_basescore				6.5

◂ Prethodne Pregled Sledeжi ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!