CVE-2024-2932

A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012.

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/CveSecLook/cve/issues/3	Exploit Third Party Advisory
https://github.com/CveSecLook/cve/issues/3	Exploit Third Party Advisory
https://vuldb.com/?ctiid.258012	Permissions Required VDB Entry
https://vuldb.com/?ctiid.258012	Permissions Required VDB Entry
https://vuldb.com/?id.258012	Third Party Advisory VDB Entry
https://vuldb.com/?id.258012	Third Party Advisory VDB Entry
https://vuldb.com/?submit.304257	Third Party Advisory VDB Entry
https://vuldb.com/?submit.304257	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:donbermoy:online_chatting_system:1.0:*:*:*:*:*:*:*

History

18 Feb 2025, 17:02

Type	Values Removed	Values Added
References	~~() https://vuldb.com/?ctiid.258012 -~~	() https://vuldb.com/?ctiid.258012 - Permissions Required, VDB Entry
References	~~() https://github.com/CveSecLook/cve/issues/3 -~~	() https://github.com/CveSecLook/cve/issues/3 - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?submit.304257 -~~	() https://vuldb.com/?submit.304257 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?id.258012 -~~	() https://vuldb.com/?id.258012 - Third Party Advisory, VDB Entry
CPE		cpe:2.3:a:donbermoy:online_chatting_system:1.0:::::::*
CWE	~~CWE-89~~
First Time		Donbermoy online Chatting System Donbermoy
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

27 Mar 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-27 01:15

Updated : 2025-02-18 17:02

NVD link : CVE-2024-2932

Mitre link : CVE-2024-2932

JSON object : View

Products Affected

donbermoy

online_chatting_system

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/CveSecLook/cve/issues/3", "name": "https://github.com/CveSecLook/cve/issues/3", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://github.com/CveSecLook/cve/issues/3", "name": "https://github.com/CveSecLook/cve/issues/3", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.258012", "name": "VDB-258012 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.258012", "name": "VDB-258012 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.258012", "name": "VDB-258012 | SourceCodester Online Chatting System update_room.php sql injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.258012", "name": "VDB-258012 | SourceCodester Online Chatting System update_room.php sql injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.304257", "name": "Submit #304257 | Sourcecodester Online Chatting System using PHP/MySQL V1.0 sql injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.304257", "name": "Submit #304257 | Sourcecodester Online Chatting System using PHP/MySQL V1.0 sql injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability classified as critical has been found in SourceCodester Online Chatting System 1.0. Affected is an unknown function of the file admin/update_room.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258012."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-2932", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2024-03-27T01:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:donbermoy:online_chatting_system:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-02-18T17:02Z"}