CVE-2024-7811

A vulnerability classified as critical has been found in SourceCodester Daily Expenses Monitoring App 1.0. This affects an unknown part of the file /endpoint/delete-expense.php. The manipulation of the argument expense leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rems:daily_expenses_monitoring_app:1.0:*:*:*:*:*:*:*

History

19 Aug 2024, 18:15

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 9.8
References () https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/daily%20expenses%20monitoring%20app%20-%20delete-expense.php%20sql%20injection%20vulnerability.md - () https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/daily%20expenses%20monitoring%20app%20-%20delete-expense.php%20sql%20injection%20vulnerability.md - Exploit
References () https://vuldb.com/?ctiid.274707 - () https://vuldb.com/?ctiid.274707 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.274707 - () https://vuldb.com/?id.274707 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.390947 - () https://vuldb.com/?submit.390947 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:rems:daily_expenses_monitoring_app:1.0:*:*:*:*:*:*:*
Summary
  • (es) Una vulnerabilidad ha sido encontrada en SourceCodester Daily Expenses Monitoring App 1.0 y clasificada como crítica. Esto afecta a una parte desconocida del archivo /endpoint/delete-expense.php. La manipulación del argumento expense conduce a la inyección de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
First Time Rems
Rems daily Expenses Monitoring App

15 Aug 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-15 03:15

Updated : 2024-08-19 18:15


NVD link : CVE-2024-7811

Mitre link : CVE-2024-7811

CVE.ORG link : CVE-2024-7811


JSON object : View

Products Affected

rems

  • daily_expenses_monitoring_app
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')