A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580.
References
| Link | Resource |
|---|---|
| https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf | Broken Link |
| https://vuldb.com/?ctiid.250580 | Permissions Required Third Party Advisory |
| https://vuldb.com/?id.250580 | Third Party Advisory |
Configurations
History
19 Jan 2024, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://vuldb.com/?ctiid.250580 - Permissions Required, Third Party Advisory | |
| References | () https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf - Broken Link | |
| References | () https://vuldb.com/?id.250580 - Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CPE | cpe:2.3:a:code-projects:dormitory_management_system:1.0:*:*:*:*:*:*:* | |
| First Time |
Code-projects
Code-projects dormitory Management System |
13 Jan 2024, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-01-13 00:15
Updated : 2024-05-17 02:34
NVD link : CVE-2024-0475
Mitre link : CVE-2024-0475
CVE.ORG link : CVE-2024-0475
JSON object : View
Products Affected
code-projects
- dormitory_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')