SourceCodester Employee and Visitor Gate Pass Logging System 1.0 Master.php?f=log_employee employee_code sql-инъекция

ВходИсторияСвязатьjsonxmlCTI

В критический обнаружена уязвимость, классифицированная как SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Затронута функция log_employee файла /classes/Master.php?f=log_employee. Использование CWE для объявления проблемы приводит к тому, что CWE-89. Консультация доступна по адресу github.com. Эта уязвимость продается как CVE-2024-5976. Атаку можно инициировать удаленно. Имеются технические подробности. Более того, существует эксплойт. Эксплойт был раскрыт общественности и может быть использован. Текущая цена за эксплойт может составлять около USD $0-$5k в настоящее время. Этой уязвимости присвоен номер T1505 проектом MITRE ATT&CK. Объявляется Доказательство концепции. Эксплойт доступен для загрузки на сайте github.com. В 0-дневный период предполагаемая подземная цена составляла около $0-$5k. VulDB is the best source for vulnerability data and more expert information about this specific topic.

6 Изменения · 111 Точки данных

Поле	Update 1/5 14.06.2024 04:33	Update 2/5 14.06.2024 04:36	Update 3/5 14.06.2024 04:39	Update 4/5 15.06.2024 04:00	Update 5/5 17.08.2024 08:50
software_vendor	SourceCodester	SourceCodester	SourceCodester	SourceCodester	SourceCodester
software_name	Employee and Visitor Gate Pass Logging System	Employee and Visitor Gate Pass Logging System	Employee and Visitor Gate Pass Logging System	Employee and Visitor Gate Pass Logging System	Employee and Visitor Gate Pass Logging System
software_version	1.0	1.0	1.0	1.0	1.0
software_file	/classes/Master.php?f=log_employee	/classes/Master.php?f=log_employee	/classes/Master.php?f=log_employee	/classes/Master.php?f=log_employee	/classes/Master.php?f=log_employee
software_function	log_employee	log_employee	log_employee	log_employee	log_employee
software_argument	employee_code	employee_code	employee_code	employee_code	employee_code
vulnerability_cwe	CWE-89 (sql-инъекция)	CWE-89 (sql-инъекция)	CWE-89 (sql-инъекция)	CWE-89 (sql-инъекция)	CWE-89 (sql-инъекция)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	L	L	L	L	L
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	L	L	L	L	L
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rc	R	R	R	R	R
advisory_url	https://github.com/Xu-Mingming/cve/blob/main/sql.md	https://github.com/Xu-Mingming/cve/blob/main/sql.md	https://github.com/Xu-Mingming/cve/blob/main/sql.md	https://github.com/Xu-Mingming/cve/blob/main/sql.md	https://github.com/Xu-Mingming/cve/blob/main/sql.md
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/Xu-Mingming/cve/blob/main/sql.md	https://github.com/Xu-Mingming/cve/blob/main/sql.md	https://github.com/Xu-Mingming/cve/blob/main/sql.md	https://github.com/Xu-Mingming/cve/blob/main/sql.md	https://github.com/Xu-Mingming/cve/blob/main/sql.md
source_cve	CVE-2024-5976	CVE-2024-5976	CVE-2024-5976	CVE-2024-5976	CVE-2024-5976
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
advisory_date	1718229600 (13.06.2024)	1718229600 (13.06.2024)	1718229600 (13.06.2024)	1718229600 (13.06.2024)	1718229600 (13.06.2024)
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_ci	P	P	P	P	P
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	P	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N	N
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_ui	N	N	N	N	N
cvss4_vuldb_vc	L	L	L	L	L
cvss4_vuldb_vi	L	L	L	L	L
cvss4_vuldb_va	L	L	L	L	L
cvss4_vuldb_e	P	P	P	P	P
cvss2_vuldb_au	S	S	N	N	N
cvss2_vuldb_rl	ND	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	N	N	N
cvss3_vuldb_rl	X	X	X	X	X
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_pr	L	L	N	N	N
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	7.5	7.5	7.5
cvss2_vuldb_tempscore	5.6	5.6	6.4	6.4	6.4
cvss3_vuldb_basescore	6.3	6.3	7.3	7.3	7.3
cvss3_vuldb_tempscore	5.7	5.7	6.6	6.6	6.6
cvss3_meta_basescore	6.3	6.3	8.6	8.2	8.2
cvss3_meta_tempscore	5.7	5.7	8.1	7.8	8.3
cvss4_vuldb_bscore	5.3	5.3	6.9	6.9	6.9
cvss4_vuldb_btscore	2.1	2.1	5.5	5.5	5.5
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cvss3_researcher_c	H	H	H	H	H
cvss3_researcher_pr	N	N	N	N	N
cvss3_researcher_ac	L	L	L	L	L
cvss3_researcher_e	X	X	X	X	X
cvss3_researcher_rc	R	R	R	R	R
cvss3_researcher_s	C	C	C	C	C
cvss3_researcher_i	H	H	H	H	H
cvss3_researcher_av	N	N	N	N	N
cvss3_researcher_ui	N	N	N	N	N
cvss3_researcher_a	H	H	H	H	H
cvss3_researcher_rl	X	X	X	X	X
cvss3_researcher_basescore		10.0	10.0	10.0	10.0
cve_nvd_summary				A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268422 is the identifier assigned to this vulnerability.	A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268422 is the identifier assigned to this vulnerability.
cve_nvd_summaryes				Se encontró una vulnerabilidad en SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Ha sido clasificada como crítica. La función log_employee del fichero /classes/Master.php?f=log_employee es afectada por la vulnerabilidad. La manipulación del argumento código_empleado conduce a la inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-268422 es el identificador asignado a esta vulnerabilidad.	Se encontró una vulnerabilidad en SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Ha sido clasificada como crítica. La función log_employee del fichero /classes/Master.php?f=log_employee es afectada por la vulnerabilidad. La manipulación del argumento código_empleado conduce a la inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-268422 es el identificador asignado a esta vulnerabilidad.
cvss3_cna_av				N	N
cvss3_cna_ac				L	L
cvss3_cna_pr				N	N
cvss3_cna_ui				N	N
cvss3_cna_s				U	U
cvss3_cna_c				L	L
cvss3_cna_i				L	L
cvss3_cna_a				L	L
cvss3_cna_basescore				7.3	7.3
cvss2_cna_av				N	N
cvss2_cna_ac				L	L
cvss2_cna_au				N	N
cvss2_cna_ci				P	P
cvss2_cna_ii				P	P
cvss2_cna_ai				P	P
cvss2_cna_basescore				7.5	7.5
cvss3_nvd_av					N
cvss3_nvd_ac					L
cvss3_nvd_pr					N
cvss3_nvd_ui					N
cvss3_nvd_s					U
cvss3_nvd_c					H
cvss3_nvd_i					H
cvss3_nvd_a					H
cvss3_nvd_basescore					9.8

◂ Предыдущий Обзор Далее ▸

Do you need the next level of professionalism?

Upgrade your account now!