Lucene search

MitreCVE-2024-28557

HistoryApr 15, 2024 - 7:15 p.m.

CVE-2024-28557

2024-04-1519:15:09

CWE-89

mitre

web.nvd.nist.gov

sql injection

sourcecodester

php task management

remote attackers

arbitrary code

escalate privileges

sensitive information

crafted payload

update-admin.php

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

Low

EPSS

Percentile

9.0%

JSON

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php.

References

github.com/xuanluansec/vul/blob/main/vul/2/README-SQL-2.md

github.com/xuanluansec/vul/issues/2

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-28557