CVE-2024-10758

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
References
Link Resource
https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.282927 Permissions Required VDB Entry
https://vuldb.com/?id.282927 Third Party Advisory VDB Entry
https://vuldb.com/?submit.436395 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:anirbandutta9:news-buzz:1.0:*:*:*:*:*:*:*
cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:*

History

05 Nov 2024, 19:55

Type Values Removed Values Added
First Time Anirbandutta9 news-buzz
Code-projects
Code-projects content Management System
Anirbandutta9
CPE cpe:2.3:a:anirbandutta9:news-buzz:1.0:*:*:*:*:*:*:*
cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:*
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. Afecta a una parte desconocida del archivo /index.php. La manipulación del argumento user_name provoca una inyección SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. Este producto se distribuye con dos nombres completamente diferentes.
References () https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md - () https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.282927 - () https://vuldb.com/?ctiid.282927 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.282927 - () https://vuldb.com/?id.282927 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.436395 - () https://vuldb.com/?submit.436395 - Third Party Advisory, VDB Entry

04 Nov 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 04:15

Updated : 2024-11-05 19:55


NVD link : CVE-2024-10758

Mitre link : CVE-2024-10758

CVE.ORG link : CVE-2024-10758


JSON object : View

Products Affected

code-projects

  • content_management_system

anirbandutta9

  • news-buzz
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')