A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
References
Link | Resource |
---|---|
https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.282927 | Permissions Required VDB Entry |
https://vuldb.com/?id.282927 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.436395 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
05 Nov 2024, 19:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Anirbandutta9 news-buzz
Code-projects Code-projects content Management System Anirbandutta9 |
|
CPE | cpe:2.3:a:anirbandutta9:news-buzz:1.0:*:*:*:*:*:*:* cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
Summary |
|
|
References | () https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.282927 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.282927 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.436395 - Third Party Advisory, VDB Entry |
04 Nov 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-04 04:15
Updated : 2024-11-05 19:55
NVD link : CVE-2024-10758
Mitre link : CVE-2024-10758
CVE.ORG link : CVE-2024-10758
JSON object : View
Products Affected
code-projects
- content_management_system
anirbandutta9
- news-buzz
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')