CVE-2024-11968 - Vulnerability Details

Vendors	Products
Anisha	Farmacia

Link	Providers
https://code-projects.org/
https://github.com/xiaobai19198/cve/blob/main/sql-cve.md
https://vuldb.com/?ctiid.286351
https://vuldb.com/?id.286351
https://vuldb.com/?submit.452877

Type	Values Removed	Values Added
First Time appeared		Anisha Anisha farmacia
CPEs		cpe:2.3:a:anisha:farmacia:1.0:::::::*
Vendors & Products		Anisha Anisha farmacia

Type	Values Removed	Values Added
Description		A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely.
Title		code-projects Farmacia pagamento.php sql injection
Weaknesses		CWE-74 CWE-89
References		https://code-projects.org/ https://github.com/xiaobai19198/cve/blob/main/sql-cve.md https://vuldb.com/?ctiid.286351 https://vuldb.com/?id.286351 https://vuldb.com/?submit.452877
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11968", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-11-28T09:19:05.863Z", "datePublished": "2024-11-28T18:00:17.415Z", "dateUpdated": "2024-11-29T15:08:29.281Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-11-28T18:00:17.415Z"}, "title": "code-projects Farmacia pagamento.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "code-projects", "product": "Farmacia", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely."}, {"lang": "de", "value": "In code-projects Farmacia bis 1.0 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei pagamento.php. Durch Beeinflussen des Arguments notaFiscal mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-11-28T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-11-28T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-11-28T14:25:45.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "xiaobai233 (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "xiaobai233 (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.286351", "name": "VDB-286351 | code-projects Farmacia pagamento.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.286351", "name": "VDB-286351 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.452877", "name": "Submit #452877 | code-projects farmacia-in-php v1.0 sql injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xiaobai19198/cve/blob/main/sql-cve.md", "tags": ["related"]}, {"url": "https://code-projects.org/", "tags": ["product"]}]}, "adp": [{"affected": [{"vendor": "code-projects", "product": "farmacia", "cpes": ["cpe:2.3:a:code-projects:farmacia:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-29T15:07:39.709981Z", "id": "CVE-2024-11968", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T15:08:29.281Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-11968 (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

state : PUBLISHED (string)

assignerShortName : VulDB (string)

dateReserved : 2024-11-28T09:19:05.863Z (string)

datePublished : 2024-11-28T18:00:17.415Z (string)

dateUpdated : 2024-11-29T15:08:29.281Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2024-11-28T18:00:17.415Z (string)

}

title : code-projects Farmacia pagamento.php sql injection (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-89 (string)

lang : en (string)

description : SQL Injection (string)

}

]

}

1 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-74 (string)

lang : en (string)

description : Injection (string)

}

]

}

]

affected : [ »

0 : { »

vendor : code-projects (string)

product : Farmacia (string)

versions : [ »

0 : { »

version : 1.0 (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely. (string)

}

1 : { »

lang : de (string)

value : In code-projects Farmacia bis 1.0 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalität der Datei pagamento.php. Durch Beeinflussen des Arguments notaFiscal mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. (string)

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 5.3 (number)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N (string)

baseSeverity : MEDIUM (string)

}

1 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 6.3 (number)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (string)

baseSeverity : MEDIUM (string)

}

2 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 6.3 (number)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (string)

baseSeverity : MEDIUM (string)

}

3 : { »

cvssV2_0 : { »

version : 2.0 (string)

baseScore : 6.5 (number)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

}

]

timeline : [ »

0 : { »

time : 2024-11-28T00:00:00.000Z (string)

lang : en (string)

value : Advisory disclosed (string)

}

1 : { »

time : 2024-11-28T01:00:00.000Z (string)

lang : en (string)

value : VulDB entry created (string)

}

2 : { »

time : 2024-11-28T14:25:45.000Z (string)

lang : en (string)

value : VulDB entry last update (string)

}

]

credits : [ »

0 : { »

lang : en (string)

value : xiaobai233 (VulDB User) (string)

type : reporter (string)

}

1 : { »

lang : en (string)

value : xiaobai233 (VulDB User) (string)

type : analyst (string)

}

]

references : [ »

0 : { »

url : https://vuldb.com/?id.286351 (string)

name : VDB-286351 | code-projects Farmacia pagamento.php sql injection (string)

tags : [ »

0 : vdb-entry (string)

1 : technical-description (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.286351 (string)

name : VDB-286351 | CTI Indicators (IOB, IOC, TTP, IOA) (string)

tags : [ »

0 : signature (string)

1 : permissions-required (string)

]

}

2 : { »

url : https://vuldb.com/?submit.452877 (string)

name : Submit #452877 | code-projects farmacia-in-php v1.0 sql injection (string)

tags : [ »

0 : third-party-advisory (string)

]

}

3 : { »

url : https://github.com/xiaobai19198/cve/blob/main/sql-cve.md (string)

tags : [ »

0 : related (string)

]

}

4 : { »

url : https://code-projects.org/ (string)

tags : [ »

0 : product (string)

]

}

]

}

adp : [ »

0 : { »

affected : [ »

0 : { »

vendor : code-projects (string)

product : farmacia (string)

cpes : [ »

0 : cpe:2.3:a:code-projects:farmacia:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 1.0 (string)

status : affected (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-11-29T15:07:39.709981Z (string)

id : CVE-2024-11968 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-11-29T15:08:29.281Z (string)

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:anisha:farmacia:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C68FD0-0D27-4525-8289-0526E4F5B6E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en code-projects Farmacia hasta la versi\u00f3n 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo pagamento.php. La manipulaci\u00f3n del argumento notaFiscal conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota."}], "id": "CVE-2024-11968", "lastModified": "2024-12-03T20:12:14.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-11-28T18:15:07.980", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://code-projects.org/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/xiaobai19198/cve/blob/main/sql-cve.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.286351"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.286351"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?submit.452877"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:anisha:farmacia:1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B8C68FD0-0D27-4525-8289-0526E4F5B6E6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely. (string)

}

1 : { »

lang : es (string)

value : Se ha encontrado una vulnerabilidad en code-projects Farmacia hasta la versión 1.0. Se ha declarado como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo pagamento.php. La manipulación del argumento notaFiscal conduce a una inyección SQL. El ataque puede ejecutarse de forma remota. (string)

}

]

id : CVE-2024-11968 (string)

lastModified : 2024-12-03T20:12:14.177 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : cna@vuldb.com (string)

type : Secondary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 6.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.4 (number)

source : cna@vuldb.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

cvssMetricV40 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackRequirements : NONE (string)

attackVector : NETWORK (string)

automatable : NOT_DEFINED (string)

availabilityRequirements : NOT_DEFINED (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityRequirements : NOT_DEFINED (string)

exploitMaturity : NOT_DEFINED (string)

integrityRequirements : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubsequentSystemAvailability : NOT_DEFINED (string)

modifiedSubsequentSystemConfidentiality : NOT_DEFINED (string)

modifiedSubsequentSystemIntegrity : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedVulnerableSystemAvailability : NOT_DEFINED (string)

modifiedVulnerableSystemConfidentiality : NOT_DEFINED (string)

modifiedVulnerableSystemIntegrity : NOT_DEFINED (string)

privilegesRequired : LOW (string)

providerUrgency : NOT_DEFINED (string)

recovery : NOT_DEFINED (string)

safety : NOT_DEFINED (string)

subsequentSystemAvailability : NONE (string)

subsequentSystemConfidentiality : NONE (string)

subsequentSystemIntegrity : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

version : 4.0 (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

vulnerableSystemAvailability : LOW (string)

vulnerableSystemConfidentiality : LOW (string)

vulnerableSystemIntegrity : LOW (string)

}

source : cna@vuldb.com (string)

type : Secondary (string)

}

]

}

published : 2024-11-28T18:15:07.980 (string)

references : [ »

0 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Product (string)

]

url : https://code-projects.org/ (string)

}

1 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://github.com/xiaobai19198/cve/blob/main/sql-cve.md (string)

}

2 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Permissions Required (string)

]

url : https://vuldb.com/?ctiid.286351 (string)

}

3 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://vuldb.com/?id.286351 (string)

}

4 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://vuldb.com/?submit.452877 (string)

}

]

sourceIdentifier : cna@vuldb.com (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-74 (string)

}

1 : { »

lang : en (string)

value : CWE-89 (string)

}

]

source : cna@vuldb.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-89 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object