CVE-2024-2554

Опубликовано: 17 мар. 2024

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability.

Ссылки

https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp
Exploit
https://vuldb.com/?ctiid.257053
Permissions Required
VDB Entry
https://vuldb.com/?id.257053
Third Party Advisory
VDB Entry
https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp
Exploit
https://vuldb.com/?ctiid.257053
Permissions Required
VDB Entry
https://vuldb.com/?id.257053
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oretnom23:employee_task_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00072

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-mv6p-j6vw-wcr4

CVSS3: 6.3

github

почти 2 года назад

EPSS

Процентиль: 22%

0.00072

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89