CVE-2024-10752

Опубликовано: 04 нояб. 2024

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file names to be affected.

Ссылки

https://github.com/primaryboy/CVE/issues/1
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.282921
Permissions Required
https://vuldb.com/?id.282921
Permissions Required
https://vuldb.com/?submit.436316
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codezips:pet_shop_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00131

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

CWE-89

Связанные уязвимости

GHSA-7fwp-9vj9-hr6v

CVSS3: 7.3

github

больше 1 года назад

A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file names to be affected.

EPSS

Процентиль: 33%

0.00131

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

CWE-89