SourceCodester Music Gallery Site 1.0 Master.php?f=delete_music ID SKL injekcija

Pronađena je ranjivost klasifikovana kao Kritične u SourceCodester Music Gallery Site 1.0. Zahvaćeno je nepoznata funkcija u fajlu /php-music/classes/Master.php?f=delete_music. Izmena argumenta ID rezultira SKL injekcija. Korišćenjem CWE za opis problema dolazi se do CWE-89. Ova slabost je objavljena 08/30/2024. Izveštaj je dostupan za preuzimanje na github.com. Ova ranjivost je poznata pod oznakom CVE-2024-8336. Napad je moguće izvršiti sa udaljene lokacije. Napad zahteva pristup lokalnoj mreži. Tehnički podaci su dostupni. Поред тога, експлоит је доступан. Eksploatacija je javno objavljena i može biti iskorišćena. Trenutno je cena za eksploataciju približno USD $0-$5k u ovom momentu. Prema MITRE ATT&CK projektu, tehnika napada je T1505. Definisano je kao dokaz-of-koncept. Ekspoit je objavljen za preuzimanje na github.com. Kao 0-day, očekivana cena na crnom tržištu bila je oko $0-$5k. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

7 Promene · 100 Tačke podataka

PoljeAžurira 2/6
08/30/2024 09:06		Ažurira 3/6
08/30/2024 09:09		Ažurira 4/6
08/31/2024 15:10		Ažurira 5/6
09/04/2024 04:38		Ažurira 6/6
09/05/2024 03:44
software_vendorSourceCodesterSourceCodesterSourceCodesterSourceCodesterSourceCodester
software_nameMusic Gallery SiteMusic Gallery SiteMusic Gallery SiteMusic Gallery SiteMusic Gallery Site
software_version1.01.01.01.01.0
software_file/php-music/classes/Master.php?f=delete_music/php-music/classes/Master.php?f=delete_music/php-music/classes/Master.php?f=delete_music/php-music/classes/Master.php?f=delete_music/php-music/classes/Master.php?f=delete_music
software_argumentididididid
vulnerability_cweCWE-89 (SKL injekcija)CWE-89 (SKL injekcija)CWE-89 (SKL injekcija)CWE-89 (SKL injekcija)CWE-89 (SKL injekcija)
vulnerability_risk22222
cvss3_vuldb_avNNNNN
cvss3_vuldb_acLLLLL
cvss3_vuldb_uiNNNNN
cvss3_vuldb_sUUUUU
cvss3_vuldb_cLLLLL
cvss3_vuldb_iLLLLL
cvss3_vuldb_aLLLLL
cvss3_vuldb_ePPPPP
cvss3_vuldb_rcRRRRR
advisory_urlhttps://github.com/LiuHaoBin6/cve/blob/main/sql5.mdhttps://github.com/LiuHaoBin6/cve/blob/main/sql5.mdhttps://github.com/LiuHaoBin6/cve/blob/main/sql5.mdhttps://github.com/LiuHaoBin6/cve/blob/main/sql5.mdhttps://github.com/LiuHaoBin6/cve/blob/main/sql5.md
exploit_availability11111
exploit_publicity11111
exploit_urlhttps://github.com/LiuHaoBin6/cve/blob/main/sql5.mdhttps://github.com/LiuHaoBin6/cve/blob/main/sql5.mdhttps://github.com/LiuHaoBin6/cve/blob/main/sql5.mdhttps://github.com/LiuHaoBin6/cve/blob/main/sql5.mdhttps://github.com/LiuHaoBin6/cve/blob/main/sql5.md
source_cveCVE-2024-8336CVE-2024-8336CVE-2024-8336CVE-2024-8336CVE-2024-8336
cna_responsibleVulDBVulDBVulDBVulDBVulDB
software_typePhoto Gallery SoftwarePhoto Gallery SoftwarePhoto Gallery SoftwarePhoto Gallery SoftwarePhoto Gallery Software
cvss2_vuldb_avNNNNN
cvss2_vuldb_acLLLLL
cvss2_vuldb_ciPPPPP
cvss2_vuldb_iiPPPPP
cvss2_vuldb_aiPPPPP
cvss2_vuldb_ePOCPOCPOCPOCPOC
cvss2_vuldb_rcURURURURUR
cvss4_vuldb_avNNNNN
cvss4_vuldb_acLLLLL
cvss4_vuldb_uiNNNNN
cvss4_vuldb_vcLLLLL
cvss4_vuldb_viLLLLL
cvss4_vuldb_vaLLLLL
cvss4_vuldb_ePPPPP
cvss2_vuldb_auSSSSS
cvss2_vuldb_rlNDNDNDNDND
cvss3_vuldb_prLLLLL
cvss3_vuldb_rlXXXXX
cvss4_vuldb_atNNNNN
cvss4_vuldb_prLLLLL
cvss4_vuldb_scNNNNN
cvss4_vuldb_siNNNNN
cvss4_vuldb_saNNNNN
cvss2_vuldb_basescore6.56.56.56.56.5
cvss2_vuldb_tempscore5.65.65.65.65.6
cvss3_vuldb_basescore6.36.36.36.36.3
cvss3_vuldb_tempscore5.75.75.75.75.7
cvss3_meta_basescore6.38.17.57.57.5
cvss3_meta_tempscore5.77.67.27.27.8
cvss4_vuldb_bscore5.35.35.35.35.3
cvss4_vuldb_btscore2.12.12.12.12.1
advisory_date1724968800 (08/30/2024)1724968800 (08/30/2024)1724968800 (08/30/2024)1724968800 (08/30/2024)1724968800 (08/30/2024)
price_0day$0-$5k$0-$5k$0-$5k$0-$5k$0-$5k
cvss3_researcher_acLLLLL
cvss3_researcher_iHHHHH
cvss3_researcher_sCCCCC
cvss3_researcher_cHHHHH
cvss3_researcher_avNNNNN
cvss3_researcher_prNNNNN
cvss3_researcher_rlXXXXX
cvss3_researcher_rcRRRRR
cvss3_researcher_aHHHHH
cvss3_researcher_uiNNNNN
cvss3_researcher_eXXXXX
cvss3_researcher_basescore10.010.010.010.0
cve_nvd_summaryA vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cvss3_cna_avNNN
cvss3_cna_acLLL
cvss3_cna_prLLL
cvss3_cna_uiNNN
cvss3_cna_sUUU
cvss3_cna_cLLL
cvss3_cna_iLLL
cvss3_cna_aLLL
cvss3_cna_basescore6.36.36.3
cvss2_cna_avNNN
cvss2_cna_acLLL
cvss2_cna_auSSS
cvss2_cna_ciPPP
cvss2_cna_iiPPP
cvss2_cna_aiPPP
cvss2_cna_basescore6.56.56.5
cve_nvd_summaryesSe ha encontrado una vulnerabilidad clasificada como crítica en SourceCodester Music Gallery Site 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /php-music/classes/Master.php?f=delete_music. La manipulación del argumento id conduce a una inyección SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.Se ha encontrado una vulnerabilidad clasificada como crítica en SourceCodester Music Gallery Site 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /php-music/classes/Master.php?f=delete_music. La manipulación del argumento id conduce a una inyección SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss3_nvd_basescore9.8

PrethodnePregledSledeжi

Do you need the next level of professionalism?

Upgrade your account now!