Lucene search

[email protected]NVD:CVE-2024-3535

HistoryApr 10, 2024 - 3:15 a.m.

CVE-2024-3535

2024-04-1003:15:07

CWE-89

[email protected]

web.nvd.nist.gov

campcodes church management system

remote attack

sql injection

vulnerability

vdb-259905

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.5

Confidence

High

EPSS

Percentile

15.5%

JSON

A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259905 was assigned to this vulnerability.

References

github.com/E1CHO/cve_hub/blob/main/Church%20Management%20System/Church%20Management%20System%20-%20vuln%202.pdf

vuldb.com/?ctiid.259905

vuldb.com/?id.259905

vuldb.com/?submit.312536

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.5

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for NVD:CVE-2024-3535

cvelist1 vulnrichment1 cve1