exploitDog

CVE-2024-28558

Опубликовано: 15 апр. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.

Ссылки

https://github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md
Exploit
Third Party Advisory
https://github.com/xuanluansec/vul/issues/3#issue-2243633522
Exploit
Third Party Advisory
https://github.com/xuanluansec/vul/blob/main/vul/sql/sql-3.md
Exploit
Third Party Advisory
https://github.com/xuanluansec/vul/issues/3#issue-2243633522
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01812

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-5fg3-5f62-3f6j

CVSS3: 8.8

github

почти 2 года назад

SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php.

EPSS

Процентиль: 82%

0.01812

Низкий

8.8 High

CVSS3

Дефекты

CWE-89