CVE-2024-2061

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2061
A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. This vulnerability affects unknown code of the file /admin/edit_supplier.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255376.

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_supplier.php%20SQL%20Injection.md Broken Link
https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_supplier.php%20SQL%20Injection.md Broken Link
https://vuldb.com/?ctiid.255376 Third Party Advisory
https://vuldb.com/?ctiid.255376 Third Party Advisory
https://vuldb.com/?id.255376 Third Party Advisory
https://vuldb.com/?id.255376 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*
History

12 Dec 2024, 14:59

Type Values Removed Values Added
References () https://vuldb.com/?id.255376 - () https://vuldb.com/?id.255376 - Third Party Advisory
References () https://vuldb.com/?ctiid.255376 - () https://vuldb.com/?ctiid.255376 - Third Party Advisory
References () https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_supplier.php%20SQL%20Injection.md - () https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_supplier.php%20SQL%20Injection.md - Broken Link
CPE cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*
CWE CWE-89
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.2
First Time Mayurik petrol Pump Management
Mayurik

01 Mar 2024, 14:04

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-01 13:15

Updated : 2024-12-12 14:59

NVD link : CVE-2024-2061

Mitre link : CVE-2024-2061

JSON object : View

Products Affected

mayurik

  • petrol_pump_management
CWE

No CWE.