CVE-2024-10752

A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file names to be affected.
References
Link Resource
https://github.com/primaryboy/CVE/issues/1 Exploit Third Party Advisory
https://vuldb.com/?ctiid.282921 Permissions Required
https://vuldb.com/?id.282921 Permissions Required
https://vuldb.com/?submit.436316 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:codezips:pet_shop_management_system:1.0:*:*:*:*:*:*:*

History

05 Nov 2024, 17:59

Type Values Removed Values Added
References () https://github.com/primaryboy/CVE/issues/1 - () https://github.com/primaryboy/CVE/issues/1 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.282921 - () https://vuldb.com/?ctiid.282921 - Permissions Required
References () https://vuldb.com/?id.282921 - () https://vuldb.com/?id.282921 - Permissions Required
References () https://vuldb.com/?submit.436316 - () https://vuldb.com/?submit.436316 - Third Party Advisory
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:codezips:pet_shop_management_system:1.0:*:*:*:*:*:*:*
Summary
  • (es) Se ha encontrado una vulnerabilidad en Codezips Pet Shop Management System 1.0. Se ha clasificado como crítica. Afecta a una parte desconocida del archivo /productadd.php. La manipulación del argumento id/name provoca una inyección SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. El aviso inicial para investigadores menciona nombres de archivos contradictorios que se verán afectados.
First Time Codezips
Codezips pet Shop Management System

04 Nov 2024, 13:17

Type Values Removed Values Added
CWE CWE-74
CWE-707
Summary (en) A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file names to be affected. (en) A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file names to be affected.

04 Nov 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 02:15

Updated : 2024-11-05 17:59


NVD link : CVE-2024-10752

Mitre link : CVE-2024-10752

CVE.ORG link : CVE-2024-10752


JSON object : View

Products Affected

codezips

  • pet_shop_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-707

Improper Neutralization

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')