A vulnerability, which was classified as critical, was found in SourceCodester Online Timesheet App 1.0. This affects an unknown part of the file /endpoint/delete-timesheet.php. The manipulation of the argument timesheet leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/zz0zz0/CVE/blob/main/Online%20Timesheet%20App%20--SQL%20injection/Online%20Timesheet%20App%20--SQL%20injection.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.278823 | Permissions Required |
https://vuldb.com/?id.278823 | Third Party Advisory |
https://vuldb.com/?submit.413329 | Third Party Advisory |
https://www.sourcecodester.com/ | Product |
Configurations
History
01 Oct 2024, 13:29
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
CPE | cpe:2.3:a:rems:online_timesheet_app:1.0:*:*:*:*:*:*:* | |
First Time |
Rems
Rems online Timesheet App |
|
References | () https://github.com/zz0zz0/CVE/blob/main/Online%20Timesheet%20App%20--SQL%20injection/Online%20Timesheet%20App%20--SQL%20injection.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.278823 - Permissions Required | |
References | () https://vuldb.com/?id.278823 - Third Party Advisory | |
References | () https://vuldb.com/?submit.413329 - Third Party Advisory | |
References | () https://www.sourcecodester.com/ - Product |
30 Sep 2024, 12:45
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Sep 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-29 00:15
Updated : 2024-10-01 13:29
NVD link : CVE-2024-9319
Mitre link : CVE-2024-9319
CVE.ORG link : CVE-2024-9319
JSON object : View
Products Affected
rems
- online_timesheet_app
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')