CVE-2024-3767

Опубликовано: 15 апр. 2024

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%203.md
Exploit
Third Party Advisory
https://phpgurukul.com/
Product
https://vuldb.com/?ctiid.260614
Permissions Required
VDB Entry
https://vuldb.com/?id.260614
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.316290
Third Party Advisory
VDB Entry
https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%203.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.260614
Permissions Required
VDB Entry
https://vuldb.com/?id.260614
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.316290
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:news_portal_project:4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00078

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-p68v-qx32-5pvp

CVSS3: 6.3

github

почти 2 года назад

A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260614 is the identifier assigned to this vulnerability.

EPSS

Процентиль: 23%

0.00078

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74