CVE-2024-9011

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://vuldb.com/?id.278166", "name": "VDB-278166 | code-projects Crud Operation System updata.php sql injection", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.278166", "name": "VDB-278166 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?submit.410396", "name": "Submit #410396 | code-projects Crud Operation System V1.0 SQL Injection", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://github.com/ppp-src/a/issues/14", "name": "https://github.com/ppp-src/a/issues/14", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://code-projects.org/", "name": "https://code-projects.org/", "tags": ["Product"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Affected is an unknown function of the file updata.php. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-9011", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2024-09-20T01:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:code-projects:crud_operation_system:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-09-25T17:48Z"}