A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Project Selection Page. The manipulation of the argument no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
History

Tue, 29 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:yugeshverma:student_project_allocation_system:1.0:*:*:*:*:*:*:* cpe:2.3:a:projectworlds:student_project_allocation_system:1.0:*:*:*:*:*:*:*
Vendors & Products Yugeshverma
Yugeshverma student Project Allocation System

Tue, 29 Oct 2024 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Yugeshverma
Yugeshverma student Project Allocation System
CPEs cpe:2.3:a:yugeshverma:student_project_allocation_system:1.0:*:*:*:*:*:*:*
Vendors & Products Yugeshverma
Yugeshverma student Project Allocation System

Mon, 28 Oct 2024 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Projectworlds
Projectworlds student Project Allocation System
CPEs cpe:2.3:a:projectworlds:student_project_allocation_system:*:*:*:*:*:*:*:*
Vendors & Products Projectworlds
Projectworlds student Project Allocation System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 27 Oct 2024 18:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Project Selection Page. The manipulation of the argument no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Title Project Worlds Student Project Allocation System Project Selection Page remove_project.php sql injection
Weaknesses CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-10-27T18:31:04.014Z

Updated: 2024-10-28T13:11:20.421Z

Reserved: 2024-10-26T14:07:13.732Z

Link: CVE-2024-10424

cve-icon Vulnrichment

Updated: 2024-10-28T13:11:14.770Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-27T19:15:04.273

Modified: 2024-10-29T13:11:42.527

Link: CVE-2024-10424

cve-icon Redhat

No data.