CVE-2024-7373

A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=load_answered. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273357 was assigned to this vulnerability.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:simple_realtime_quiz_system:1.0:*:*:*:*:*:*:*

History

07 Aug 2024, 18:45

Type Values Removed Values Added
CPE cpe:2.3:a:oretnom23:simple_realtime_quiz_system:1.0:*:*:*:*:*:*:*
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 8.8
First Time Oretnom23
Oretnom23 simple Realtime Quiz System
References () https://gist.github.com/topsky979/9bcb8b09acce0d5a8a453dfd5093881d - () https://gist.github.com/topsky979/9bcb8b09acce0d5a8a453dfd5093881d - Exploit
References () https://vuldb.com/?ctiid.273357 - () https://vuldb.com/?ctiid.273357 - Permissions Required
References () https://vuldb.com/?id.273357 - () https://vuldb.com/?id.273357 - Third Party Advisory
References () https://vuldb.com/?submit.383521 - () https://vuldb.com/?submit.383521 - Third Party Advisory, VDB Entry

02 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad ha sido encontrada en SourceCodester Simple Realtime Quiz System 1.0 y clasificada como crítica. Esto afecta a una parte desconocida del archivo /ajax.php?action=load_answered. La manipulación del argumento id conduce a la inyección de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-273357.

02 Aug 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 00:15

Updated : 2024-08-07 18:45


NVD link : CVE-2024-7373

Mitre link : CVE-2024-7373

CVE.ORG link : CVE-2024-7373


JSON object : View

Products Affected

oretnom23

  • simple_realtime_quiz_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')