CVE-2024-5976

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. Affected is the function log_employee of the file /classes/Master.php?f=log_employee. The manipulation of the argument employee_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268422 is the identifier assigned to this vulnerability.
References
Link Resource
https://github.com/Xu-Mingming/cve/blob/main/sql.md Exploit Technical Description
https://vuldb.com/?ctiid.268422 Permissions Required VDB Entry
https://vuldb.com/?id.268422 VDB Entry
https://vuldb.com/?submit.355692 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:employee_and_visitor_gate_pass_logging_system:1.0:*:*:*:*:*:*:*

History

16 Aug 2024, 17:53

Type Values Removed Values Added
CPE cpe:2.3:a:oretnom23:employee_and_visitor_gate_pass_logging_system:1.0:*:*:*:*:*:*:*
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8
References () https://github.com/Xu-Mingming/cve/blob/main/sql.md - () https://github.com/Xu-Mingming/cve/blob/main/sql.md - Exploit, Technical Description
References () https://vuldb.com/?ctiid.268422 - () https://vuldb.com/?ctiid.268422 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.268422 - () https://vuldb.com/?id.268422 - VDB Entry
References () https://vuldb.com/?submit.355692 - () https://vuldb.com/?submit.355692 - Third Party Advisory
First Time Oretnom23
Oretnom23 employee And Visitor Gate Pass Logging System

17 Jun 2024, 12:43

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Ha sido clasificada como crítica. La función log_employee del fichero /classes/Master.php?f=log_employee es afectada por la vulnerabilidad. La manipulación del argumento código_empleado conduce a la inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-268422 es el identificador asignado a esta vulnerabilidad.

14 Jun 2024, 03:15

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 6.3
v2 : 7.5
v3 : 7.3

13 Jun 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-13 21:15

Updated : 2024-08-16 17:53


NVD link : CVE-2024-5976

Mitre link : CVE-2024-5976

CVE.ORG link : CVE-2024-5976


JSON object : View

Products Affected

oretnom23

  • employee_and_visitor_gate_pass_logging_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')