Lucene search

[email protected]CVE-2024-36673

HistoryJun 07, 2024 - 1:15 p.m.

CVE-2024-36673

2024-06-0713:15:49

CWE-89

[email protected]

web.nvd.nist.gov

cve-2024-36673

sourcecodester

pharmacy/medical store

sql injection

email parameter

password parameter

malicious sql queries

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries.

Affected configurations

NVD

Node

pharmacy\/medical_store_point_of_sale_system_projectpharmacy\/medical_store_point_of_sale_systemMatch1.0

CPENameOperatorVersion
pharmacy\/medical_store_point_of_sale_system_project:pharmacy\/medical_store_point_of_sale_systempharmacy/medical store point of sale system project pharmacy/medical store point of sale systemeq1.0

CPE	Name	Operator	Version
pharmacy\/medical_store_point_of_sale_system_project:pharmacy\/medical_store_point_of_sale_system	pharmacy/medical store point of sale system project pharmacy/medical store point of sale system	eq	1.0

References

github.com/CveSecLook/cve/issues/39

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

Related for CVE-2024-36673

cvelist1 nvd1