
Kashipara Online Furniture Shopping Ecommerce Website 1.0 search.php txtSearch SQL Injection

A vulnerability classified as critical was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch with an unknown input leads to SQL injection. The CWE definition for the vulnerability is CWE-89. The advisory is shared for download at github.com. The vulnerability is identified as CVE-2024-4069. The attack can be initiated from the network. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The attack technique used by this issue is T1505 according to MITRE ATT&CK. It is declared as proof-of-concept. The exploit is shared for download at github.com. We estimate that a 0-day was worth approximately $0-$5k.

4 Changes · 96 Data points

| Field | Created 23/04/2024 15h46 | Update 1/3 28/05/2024 19h45 | Update 2/3 28/05/2024 19h54 | Update 3/3 05/03/2025 23h14 |
| --- | --- | --- | --- | --- |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.3 | 6.3 | 6.3 | 6.7 |
| cvss3_meta_tempscore | 5.7 | 5.7 | 6.0 | 6.5 |
| cvss4_vuldb_bscore | 5.3 | 5.3 | 5.3 | 5.3 |
| cvss4_vuldb_btscore | 2.1 | 2.1 | 2.1 | 2.1 |
| price_0day | $0-$5k | $0-$5k | $0-$5k | $0-$5k |
| software_vendor | Kashipara | Kashipara | Kashipara | Kashipara |
| software_name | Online Furniture Shopping Ecommerce Website | Online Furniture Shopping Ecommerce Website | Online Furniture Shopping Ecommerce Website | Online Furniture Shopping Ecommerce Website |
| software_version | 1.0 | 1.0 | 1.0 | 1.0 |
| software_file | search.php | search.php | search.php | search.php |
| software_argument | txtSearch | txtSearch | txtSearch | txtSearch |
| vulnerability_cwe | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) | CWE-89 (SQL Injection) |
| vulnerability_risk | 2 | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N | N |
| cvss3_vuldb_ac | L | L | L | L |
| cvss3_vuldb_ui | N | N | N | N |
| cvss3_vuldb_s | U | U | U | U |
| cvss3_vuldb_c | L | L | L | L |
| cvss3_vuldb_i | L | L | L | L |
| cvss3_vuldb_a | L | L | L | L |
| cvss3_vuldb_e | P | P | P | P |
| cvss3_vuldb_rc | R | R | R | R |
| advisory_url | https://github.com/E1CHO/cve_hub/blob/main/Online%20Furniture%20Shopping%20Ecommerce%20Website/Online%20Furniture%20Shopping%20Ecommerce%20Website%20Project%20-%20vuln%201.pdf | https://github.com/E1CHO/cve_hub/blob/main/Online%20Furniture%20Shopping%20Ecommerce%20Website/Online%20Furniture%20Shopping%20Ecommerce%20Website%20Project%20-%20vuln%201.pdf | https://github.com/E1CHO/cve_hub/blob/main/Online%20Furniture%20Shopping%20Ecommerce%20Website/Online%20Furniture%20Shopping%20Ecommerce%20Website%20Project%20-%20vuln%201.pdf | https://github.com/E1CHO/cve_hub/blob/main/Online%20Furniture%20Shopping%20Ecommerce%20Website/Online%20Furniture%20Shopping%20Ecommerce%20Website%20Project%20-%20vuln%201.pdf |
| exploit_availability | 1 | 1 | 1 | 1 |
| exploit_publicity | 1 | 1 | 1 | 1 |
| exploit_url | https://github.com/E1CHO/cve_hub/blob/main/Online%20Furniture%20Shopping%20Ecommerce%20Website/Online%20Furniture%20Shopping%20Ecommerce%20Website%20Project%20-%20vuln%201.pdf | https://github.com/E1CHO/cve_hub/blob/main/Online%20Furniture%20Shopping%20Ecommerce%20Website/Online%20Furniture%20Shopping%20Ecommerce%20Website%20Project%20-%20vuln%201.pdf | https://github.com/E1CHO/cve_hub/blob/main/Online%20Furniture%20Shopping%20Ecommerce%20Website/Online%20Furniture%20Shopping%20Ecommerce%20Website%20Project%20-%20vuln%201.pdf | https://github.com/E1CHO/cve_hub/blob/main/Online%20Furniture%20Shopping%20Ecommerce%20Website/Online%20Furniture%20Shopping%20Ecommerce%20Website%20Project%20-%20vuln%201.pdf |
| source_cve | CVE-2024-4069 | CVE-2024-4069 | CVE-2024-4069 | CVE-2024-4069 |
| cna_responsible | VulDB | VulDB | VulDB | VulDB |
| advisory_date | 1713823200 (23/04/2024) | 1713823200 (23/04/2024) | 1713823200 (23/04/2024) | 1713823200 (23/04/2024) |
| software_type | E-Commerce Management Software | E-Commerce Management Software | E-Commerce Management Software | E-Commerce Management Software |
| cvss2_vuldb_av | N | N | N | N |
| cvss2_vuldb_ac | L | L | L | L |
| cvss2_vuldb_ci | P | P | P | P |
| cvss2_vuldb_ii | P | P | P | P |
| cvss2_vuldb_ai | P | P | P | P |
| cvss2_vuldb_e | POC | POC | POC | POC |
| cvss2_vuldb_rc | UR | UR | UR | UR |
| cvss4_vuldb_av | N | N | N | N |
| cvss4_vuldb_ac | L | L | L | L |
| cvss4_vuldb_ui | N | N | N | N |
| cvss4_vuldb_vc | L | L | L | L |
| cvss4_vuldb_vi | L | L | L | L |
| cvss4_vuldb_va | L | L | L | L |
| cvss4_vuldb_e | P | P | P | P |
| cvss2_vuldb_au | S | S | S | S |
| cvss2_vuldb_rl | ND | ND | ND | ND |
| cvss3_vuldb_pr | L | L | L | L |
| cvss3_vuldb_rl | X | X | X | X |
| cvss4_vuldb_at | N | N | N | N |
| cvss4_vuldb_pr | L | L | L | L |
| cvss4_vuldb_sc | N | N | N | N |
| cvss4_vuldb_si | N | N | N | N |
| cvss4_vuldb_sa | N | N | N | N |
| cve_assigned | | 1713823200 (23/04/2024) | 1713823200 (23/04/2024) | 1713823200 (23/04/2024) |
| cve_nvd_summary | | A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795. | A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795. | A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795. |
| cvss2_nvd_av | | | N | N |
| cvss2_nvd_ac | | | L | L |
| cvss2_nvd_au | | | S | S |
| cvss2_nvd_ci | | | P | P |
| cvss2_nvd_ii | | | P | P |
| cvss2_nvd_ai | | | P | P |
| cvss3_cna_av | | | N | N |
| cvss3_cna_ac | | | L | L |
| cvss3_cna_pr | | | L | L |
| cvss3_cna_ui | | | N | N |
| cvss3_cna_s | | | U | U |
| cvss3_cna_c | | | L | L |
| cvss3_cna_i | | | L | L |
| cvss3_cna_a | | | L | L |
| cve_cna | | | VulDB | VulDB |
| cvss2_nvd_basescore | | | 6.5 | 6.5 |
| cvss3_cna_basescore | | | 6.3 | 6.3 |
| cve_nvd_summaryes | | | | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. An unknown part of the file search.php is affected by this vulnerability. The manipulation of the argument txtSearch leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795. |
| cvss3_nvd_av | | | | N |
| cvss3_nvd_ac | | | | L |
| cvss3_nvd_pr | | | | N |
| cvss3_nvd_ui | | | | N |
| cvss3_nvd_s | | | | U |
| cvss3_nvd_c | | | | H |
| cvss3_nvd_i | | | | N |
| cvss3_nvd_a | | | | N |
| cvss3_nvd_basescore | | | | 7.5 |
| cvss2_cna_av | | | | N |
| cvss2_cna_ac | | | | L |
| cvss2_cna_au | | | | S |
| cvss2_cna_ci | | | | P |
| cvss2_cna_ii | | | | P |
| cvss2_cna_ai | | | | P |
| cvss2_cna_basescore | | | | 6.5 |
