VDB-289164 · CVE-2024-12894 · GCVE-100-289164

TreasureHuntGame TreasureHunt Dok 963e0e0 TreasureHunt/acesso.php usuario SKL injekcija

Otkrivena je ranjivost klasifikovana kao Kritične u TreasureHuntGame TreasureHunt Dok 963e0e0. Pogođeno je nepoznata funkcija u fajlu TreasureHunt/acesso.php. Manipulacija argumentom usuario dovodi do SKL injekcija. Korišćenje CWE za deklarisanje problema vodi do CWE-89. Slabost je objavljena 12/21/2024 kao 8bcc649abc35b7734951be084bb522a532faac4e. Obaveštenje je dostupno za preuzimanje na github.com. Ova ranjivost je označena kao CVE-2024-12894. Moguće je pokrenuti napad na daljinu. Napad mora biti izveden unutar lokalne mreže. Tehnički detalji su dostupni. Не постоји доступан експлоит. Trenutna cena za eksploataciju može biti približno USD $0-$5k u ovom trenutku. MITRE ATT&CK projekat deklariše tehniku napada kao T1505. Označeno je kao nije definisano. Kao 0-day, procenjena cena na crnom tržištu bila je oko $0-$5k. Ovaj proizvod koristi rolling release model za kontinuiranu isporuku. Zbog toga, podaci o verzijama pogođenih ili ažuriranih izdanja nisu dostupni. Ime zakrpe je 8bcc649abc35b7734951be084bb522a532faac4e. Ispravka je spremna za preuzimanje na github.com. Preporučuje se primena zakrpe kako bi se rešio ovaj problem. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 Promene · 100 Tačke podataka

Polje	Kreirali 12/21/2024 21:22	Ažurira 1/2 12/22/2024 13:30	Ažurira 2/2 01/11/2025 03:05
software_vendor	TreasureHuntGame	TreasureHuntGame	TreasureHuntGame
software_name	TreasureHunt	TreasureHunt	TreasureHunt
software_version	<=963e0e0	<=963e0e0	<=963e0e0
software_rollingrelease	1	1	1
software_file	TreasureHunt/acesso.php	TreasureHunt/acesso.php	TreasureHunt/acesso.php
software_argument	usuario	usuario	usuario
vulnerability_cwe	CWE-89 (SKL injekcija)	CWE-89 (SKL injekcija)	CWE-89 (SKL injekcija)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	8bcc649abc35b7734951be084bb522a532faac4e	8bcc649abc35b7734951be084bb522a532faac4e	8bcc649abc35b7734951be084bb522a532faac4e
advisory_url	https://github.com/TreasureHuntGame/TreasureHunt/commit/8bcc649abc35b7734951be084bb522a532faac4e	https://github.com/TreasureHuntGame/TreasureHunt/commit/8bcc649abc35b7734951be084bb522a532faac4e	https://github.com/TreasureHuntGame/TreasureHunt/commit/8bcc649abc35b7734951be084bb522a532faac4e
countermeasure_name	Zakrpa	Zakrpa	Zakrpa
patch_name	8bcc649abc35b7734951be084bb522a532faac4e	8bcc649abc35b7734951be084bb522a532faac4e	8bcc649abc35b7734951be084bb522a532faac4e
countermeasure_patch_url	https://github.com/TreasureHuntGame/TreasureHunt/commit/8bcc649abc35b7734951be084bb522a532faac4e	https://github.com/TreasureHuntGame/TreasureHunt/commit/8bcc649abc35b7734951be084bb522a532faac4e	https://github.com/TreasureHuntGame/TreasureHunt/commit/8bcc649abc35b7734951be084bb522a532faac4e
countermeasure_advisoryquote	fix(acesso.php e checkflag.php): SQL Injection	fix(acesso.php e checkflag.php): SQL Injection	fix(acesso.php e checkflag.php): SQL Injection
source_cve	CVE-2024-12894	CVE-2024-12894	CVE-2024-12894
cna_responsible	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss4_vuldb_e	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.7	5.7	5.7
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	6.0
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	6.0	6.1	7.4
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	5.3	5.3	5.3
advisory_date	1734735600 (12/21/2024)	1734735600 (12/21/2024)	1734735600 (12/21/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.	A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.3	5.3
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad clasificada como crítica en TreasureHuntGame TreasureHunt hasta la versión 963e0e0. Se ve afectada una función desconocida del archivo TreasureHunt/acesso.php. La manipulación del argumento usuario provoca una inyección SQL. Es posible lanzar el ataque de forma remota. Este producto utiliza una versión continua para proporcionar una distribución continua. Por lo tanto, no hay detalles de la versión afectada ni de las versiones actualizadas disponibles. El nombre del parche es 8bcc649abc35b7734951be084bb522a532faac4e. Se recomienda aplicar un parche para solucionar este problema.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8

◂ Prethodne Pregled Sledeжi ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!