Lucene search

[email protected]NVD:CVE-2024-30985

HistoryApr 17, 2024 - 6:15 p.m.

CVE-2024-30985

2024-04-1718:15:16

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

phpgurukul

client management system

php

mysql

arbitrary commands

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

EPSS

Percentile

9.0%

JSON

SQL Injection vulnerability in “B/W Dates Reports” page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via “todate” and “fromdate” parameters.

References

medium.com/%40shanunirwan/cve-2024-30985-sql-injection-vulnerability-in-client-management-system-using-php-mysql-1-1-c21fecbda062

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-30985

cvelist1 vulnrichment1 cve1