CVE-2024-7274

A vulnerability, which was classified as critical, has been found in itsourcecode Alton Management System 1.0. This issue affects some unknown processing of the file /reservation_status.php. The manipulation of the argument rcode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273143.
References
Link Resource
https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md Exploit
https://vuldb.com/?ctiid.273143 Permissions Required Third Party Advisory
https://vuldb.com/?id.273143 Third Party Advisory
https://vuldb.com/?submit.381091 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:adonesevangelista:restaurant_management_system:1.0:*:*:*:*:*:*:*

History

13 Aug 2024, 16:10

Type Values Removed Values Added
First Time Adonesevangelista
Adonesevangelista restaurant Management System
CPE cpe:2.3:a:adonesevangelista:restaurant_management_system:1.0:*:*:*:*:*:*:*
References () https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md - () https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md - Exploit
References () https://vuldb.com/?ctiid.273143 - () https://vuldb.com/?ctiid.273143 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.273143 - () https://vuldb.com/?id.273143 - Third Party Advisory
References () https://vuldb.com/?submit.381091 - () https://vuldb.com/?submit.381091 - Third Party Advisory
CVSS v2 : 5.8
v3 : 4.7
v2 : 5.8
v3 : 7.2

31 Jul 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en itsourcecode Alton Management System 1.0 y clasificada como crítica. Este problema afecta un procesamiento desconocido del archivo /reservation_status.php. La manipulación del argumento rcode conduce a la inyección de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-273143.

30 Jul 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-30 22:15

Updated : 2024-08-13 16:10


NVD link : CVE-2024-7274

Mitre link : CVE-2024-7274

CVE.ORG link : CVE-2024-7274


JSON object : View

Products Affected

adonesevangelista

  • restaurant_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')