CVE-2024-10752

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-10752
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file names to be affected.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://vuldb.com/?id.282921 Permissions Required
https://vuldb.com/?ctiid.282921 Permissions Required
https://vuldb.com/?submit.436316 Third Party Advisory
https://github.com/primaryboy/CVE/issues/1 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:codezips:pet_shop_management_system:1.0:*:*:*:*:*:*:*
History

05 Nov 2024, 17:59

Type Values Removed Values Added
First Time Codezips pet Shop Management System
Codezips
CPE cpe:2.3:a:codezips:pet_shop_management_system:1.0:*:*:*:*:*:*:*
References () https://vuldb.com/?submit.436316 - () https://vuldb.com/?submit.436316 - Third Party Advisory
References () https://github.com/primaryboy/CVE/issues/1 - () https://github.com/primaryboy/CVE/issues/1 - Exploit, Third Party Advisory
References () https://vuldb.com/?id.282921 - () https://vuldb.com/?id.282921 - Permissions Required
References () https://vuldb.com/?ctiid.282921 - () https://vuldb.com/?ctiid.282921 - Permissions Required
CWE CWE-74
CWE-707
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

04 Nov 2024, 13:17

Type Values Removed Values Added
Summary A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file names to be affected. A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file names to be affected.
CWE CWE-74
CWE-707

04 Nov 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-04 02:15

Updated : 2024-11-05 17:59

NVD link : CVE-2024-10752

Mitre link : CVE-2024-10752

JSON object : View

Products Affected

codezips

  • pet_shop_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')