CVE-2024-1924

A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /get_membership_amount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254859.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md	Exploit Third Party Advisory
https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.254859	Permissions Required
https://vuldb.com/?ctiid.254859	Permissions Required
https://vuldb.com/?id.254859	Permissions Required
https://vuldb.com/?id.254859	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:codeastro:membership_management_system:1.0:*:*:*:*:*:*:*

History

18 Dec 2024, 17:55

Type	Values Removed	Values Added
First Time		Codeastro membership Management System Codeastro
CWE	~~CWE-89~~
CPE		cpe:2.3:a:codeastro:membership_management_system:1.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
References	~~() https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md -~~	() https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.254859 -~~	() https://vuldb.com/?ctiid.254859 - Permissions Required
References	~~() https://vuldb.com/?id.254859 -~~	() https://vuldb.com/?id.254859 - Permissions Required

27 Feb 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-27 17:15

Updated : 2024-12-18 17:55

NVD link : CVE-2024-1924

Mitre link : CVE-2024-1924

JSON object : View

Products Affected

codeastro

membership_management_system

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md", "name": "https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md", "name": "https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.254859", "name": "VDB-254859 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.254859", "name": "VDB-254859 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?id.254859", "name": "VDB-254859 | CodeAstro Membership Management System get_membership_amount.php sql injection", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?id.254859", "name": "VDB-254859 | CodeAstro Membership Management System get_membership_amount.php sql injection", "tags": ["Permissions Required"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /get_membership_amount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254859."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-1924", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2024-02-27T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:codeastro:membership_management_system:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-12-18T17:55Z"}