CVE-2024-44727

Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:angeljudesuarez:event_management_system:1.0:*:*:*:*:*:*:*

History

06 Sep 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) Sourcecodehero Event Management System1.0 es vulnerable a la inyección SQL a través del parámetro 'nombre de usuario' en /event/admin/login.php.
CPE cpe:2.3:a:angeljudesuarez:event_management_system:1.0:*:*:*:*:*:*:*
References () https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Sourcecodehero%20Event%20Management%20System/CVE-2024-44727.MD - () https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Sourcecodehero%20Event%20Management%20System/CVE-2024-44727.MD - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 7.4
v2 : unknown
v3 : 9.8
First Time Angeljudesuarez
Angeljudesuarez event Management System

05 Sep 2024, 18:35

Type Values Removed Values Added
CWE CWE-89
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.4

05 Sep 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-05 17:15

Updated : 2024-09-06 13:15


NVD link : CVE-2024-44727

Mitre link : CVE-2024-44727

CVE.ORG link : CVE-2024-44727


JSON object : View

Products Affected

angeljudesuarez

  • event_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')