A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions a confusing product name to be affected. Other parameters might be affected as well.
References
Link | Resource |
---|---|
https://code-projects.org/ | Product |
https://github.com/yhcyhc981/cve/blob/main/sql16.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.283029 | Permissions Required VDB Entry |
https://vuldb.com/?id.283029 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.436546 | Third Party Advisory VDB Entry |
Configurations
History
07 Nov 2024, 17:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:anisha:university_event_management_system:1.0:*:*:*:*:*:*:* | |
References | () https://code-projects.org/ - Product | |
References | () https://github.com/yhcyhc981/cve/blob/main/sql16.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.283029 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.283029 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.436546 - Third Party Advisory, VDB Entry | |
First Time |
Anisha
Anisha university Event Management System |
|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
05 Nov 2024, 16:04
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Nov 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-04 23:15
Updated : 2024-11-07 17:09
NVD link : CVE-2024-10805
Mitre link : CVE-2024-10805
CVE.ORG link : CVE-2024-10805
JSON object : View
Products Affected
anisha
- university_event_management_system