Lucene search

K
cve[email protected]CVE-2024-5098
HistoryMay 19, 2024 - 6:15 a.m.

CVE-2024-5098

2024-05-1906:15:06
CWE-89
web.nvd.nist.gov
28
vulnerability
sourcecodester
inventory system
sql injection
login.php
exploit
public disclosure
identifier vdb-265081
nvd

5.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7.3 High

AI Score

Confidence

Low

5.2 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

15.5%

A vulnerability has been found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-265081 was assigned to this vulnerability.

Affected configurations

Vulners
Node
sourcecodesterrestaurant_management_systemMatch1.0

CNA Affected

[
  {
    "vendor": "SourceCodester",
    "product": "Simple Inventory System",
    "versions": [
      {
        "version": "1.0",
        "status": "affected"
      }
    ]
  }
]

5.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7.3 High

AI Score

Confidence

Low

5.2 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

15.5%

Related for CVE-2024-5098