A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/project_selection/project_selection.php of the component Project Selection Page. The manipulation of the argument project_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
History

Tue, 29 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:yugeshverma:student_project_allocation_system:1.0:*:*:*:*:*:*:* cpe:2.3:a:projectworlds:student_project_allocation_system:1.0:*:*:*:*:*:*:*
Vendors & Products Yugeshverma
Yugeshverma student Project Allocation System

Tue, 29 Oct 2024 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Yugeshverma
Yugeshverma student Project Allocation System
CPEs cpe:2.3:a:yugeshverma:student_project_allocation_system:1.0:*:*:*:*:*:*:*
Vendors & Products Yugeshverma
Yugeshverma student Project Allocation System

Mon, 28 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Projectworlds
Projectworlds student Project Allocation System
CPEs cpe:2.3:a:projectworlds:student_project_allocation_system:*:*:*:*:*:*:*:*
Vendors & Products Projectworlds
Projectworlds student Project Allocation System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 27 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Description A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/project_selection/project_selection.php of the component Project Selection Page. The manipulation of the argument project_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Title Project Worlds Student Project Allocation System Project Selection Page project_selection.php sql injection
Weaknesses CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-10-27T18:00:09.097Z

Updated: 2024-10-28T13:15:09.319Z

Reserved: 2024-10-26T14:07:11.651Z

Link: CVE-2024-10423

cve-icon Vulnrichment

Updated: 2024-10-28T13:15:03.014Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-27T18:15:03.323

Modified: 2024-10-29T13:11:44.690

Link: CVE-2024-10423

cve-icon Redhat

No data.