CVE-2024-7366

A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273345 was assigned to this vulnerability.
References
Link Resource
https://gist.github.com/topsky979/c0efd2f3e6e146eb9e110e5e63cb5fbb Exploit
https://vuldb.com/?ctiid.273345 Permissions Required Third Party Advisory
https://vuldb.com/?id.273345 Permissions Required Third Party Advisory
https://vuldb.com/?submit.383501 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:tracking_monitoring_management_system:1.0:*:*:*:*:*:*:*

History

09 Aug 2024, 14:16

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:oretnom23:tracking_monitoring_management_system:1.0:*:*:*:*:*:*:*
First Time Oretnom23 tracking Monitoring Management System
Oretnom23
References () https://gist.github.com/topsky979/c0efd2f3e6e146eb9e110e5e63cb5fbb - () https://gist.github.com/topsky979/c0efd2f3e6e146eb9e110e5e63cb5fbb - Exploit
References () https://vuldb.com/?ctiid.273345 - () https://vuldb.com/?ctiid.273345 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.273345 - () https://vuldb.com/?id.273345 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?submit.383501 - () https://vuldb.com/?submit.383501 - Third Party Advisory

02 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en SourceCodester Tracking Monitoring Management System 1.0. Ha sido clasificada como crítica. Una parte desconocida del archivo /ajax.php?action=login del componente Login. La manipulación del argumento username conduce a la inyección de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-273345.

01 Aug 2024, 21:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-01 21:16

Updated : 2024-08-09 14:16


NVD link : CVE-2024-7366

Mitre link : CVE-2024-7366

CVE.ORG link : CVE-2024-7366


JSON object : View

Products Affected

oretnom23

  • tracking_monitoring_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')