A vulnerability, which was classified as critical, has been found in code-projects E-Health Care System 1.0. Affected by this issue is some unknown functionality of the file /Admin/adminlogin.php. The manipulation of the argument email/admin_pswd as part of String leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "email" to be affected. But it must be assumed that parameter "admin_pswd" is affected as well.
References
Link | Resource |
---|---|
https://code-projects.org/ | Product |
https://github.com/UnrealdDei/cve/blob/main/sql11.md | Exploit |
https://vuldb.com/?ctiid.282908 | Permissions Required VDB Entry |
https://vuldb.com/?id.282908 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.436014 | Third Party Advisory VDB Entry |
Configurations
History
05 Nov 2024, 20:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:anisha:e-health_care_system:1.0:*:*:*:*:*:*:* | |
First Time |
Anisha
Anisha e-health Care System |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
Summary |
|
|
References | () https://code-projects.org/ - Product | |
References | () https://github.com/UnrealdDei/cve/blob/main/sql11.md - Exploit | |
References | () https://vuldb.com/?ctiid.282908 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.282908 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.436014 - Third Party Advisory, VDB Entry |
03 Nov 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-03 18:15
Updated : 2024-11-05 20:16
NVD link : CVE-2024-10739
Mitre link : CVE-2024-10739
CVE.ORG link : CVE-2024-10739
JSON object : View
Products Affected
anisha
- e-health_care_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')