SourceCodester Simple Inventory Management System 1.0 Order action.php order_id sql injection

EntryHistoryrelatejsonxmlCTI

A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument order_id leads to sql injection. Using CWE to declare the problem leads to CWE-89. The weakness was disclosed 07/17/2024. The advisory is shared for download at github.com. This vulnerability is traded as CVE-2024-6830. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1505. It is declared as Proof-of-Concept. The exploit is shared for download at github.com. As 0-day the estimated underground price was around $0-$5k. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 Changes · 75 Data Points

Field	Created 07/17/2024 11:26	Update 1/2 07/18/2024 04:29	Update 2/2 07/18/2024 18:03
software_vendor	SourceCodester	SourceCodester	SourceCodester
software_name	Simple Inventory Management System	Simple Inventory Management System	Simple Inventory Management System
software_version	1.0	1.0	1.0
software_component	Order Handler	Order Handler	Order Handler
software_file	action.php	action.php	action.php
software_argument	order_id	order_id	order_id
vulnerability_cwe	CWE-89 (sql injection)	CWE-89 (sql injection)	CWE-89 (sql injection)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/Xu-Mingming/cve/blob/main/sql1.md	https://github.com/Xu-Mingming/cve/blob/main/sql1.md	https://github.com/Xu-Mingming/cve/blob/main/sql1.md
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/Xu-Mingming/cve/blob/main/sql1.md	https://github.com/Xu-Mingming/cve/blob/main/sql1.md	https://github.com/Xu-Mingming/cve/blob/main/sql1.md
source_cve	CVE-2024-6830	CVE-2024-6830	CVE-2024-6830
cna_responsible	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3
cvss3_meta_tempscore	5.7	6.0	6.0
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1721167200 (07/17/2024)	1721167200 (07/17/2024)	1721167200 (07/17/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
cve_nvd_summary		A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument order_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271812.	A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument order_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271812.
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cve_nvd_summaryes			Una vulnerabilidad fue encontrada en SourceCodester Simple Inventory Management System 1.0 y clasificada como crítica. Una función desconocida del archivo action.php del componente Order Handler es afectada por esta vulnerabilidad. La manipulación del argumento order_id conduce a la inyección de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-271812.

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!