{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6191", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-06-20T06:00:17.150Z", "datePublished": "2024-06-20T14:31:05.824Z", "dateUpdated": "2024-08-01T21:33:04.955Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-06-20T14:31:05.824Z"}, "title": "itsourcecode Student Management System Login Page login.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 SQL Injection"}]}], "affected": [{"vendor": "itsourcecode", "product": "Student Management System", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Login Page"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. This affects an unknown part of the file login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269163."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in itsourcecode Student Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei login.php der Komponente Login Page. Durch Manipulation des Arguments user mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-06-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-06-20T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-06-20T08:05:27.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Hryspa_Hodor (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.269163", "name": "VDB-269163 | itsourcecode Student Management System Login Page login.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.269163", "name": "VDB-269163 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.359009", "name": "Submit #359009 | itsourcecode Student Management System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/HryspaHodor/CVE/issues/3", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"affected": [{"vendor": "itsourcecode", "product": "student_management_system", "cpes": ["cpe:2.3:a:itsourcecode:student_management_system:1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-27T18:43:06.596425Z", "id": "CVE-2024-6191", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T18:36:13.311Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:04.955Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.269163", "name": "VDB-269163 | itsourcecode Student Management System Login Page login.php sql injection", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.269163", "name": "VDB-269163 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.359009", "name": "Submit #359009 | itsourcecode Student Management System 1.0 SQL Injection", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/HryspaHodor/CVE/issues/3", "tags": ["exploit", "issue-tracking", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.269163", "name": "VDB-269163 | itsourcecode Student Management System Login Page login.php sql injection", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.269163", "name": "VDB-269163 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.359009", "name": "Submit #359009 | itsourcecode Student Management System 1.0 SQL Injection", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/HryspaHodor/CVE/issues/3", "tags": ["exploit", "issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:04.955Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6191", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-27T18:43:06.596425Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:itsourcecode:student_management_system:1.0:*:*:*:*:*:*:*"], "vendor": "itsourcecode", "product": "student_management_system", "versions": [{"status": "affected", "version": "1.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T15:37:57.339Z"}}], "cna": {"title": "itsourcecode Student Management System Login Page login.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "Hryspa_Hodor (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "affected": [{"vendor": "itsourcecode", "modules": ["Login Page"], "product": "Student Management System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2024-06-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-06-20T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-06-20T08:05:27.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.269163", "name": "VDB-269163 | itsourcecode Student Management System Login Page login.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.269163", "name": "VDB-269163 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.359009", "name": "Submit #359009 | itsourcecode Student Management System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/HryspaHodor/CVE/issues/3", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. This affects an unknown part of the file login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269163."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in itsourcecode Student Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei login.php der Komponente Login Page. Durch Manipulation des Arguments user mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-06-20T14:31:05.824Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6191", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:33:04.955Z", "dateReserved": "2024-06-20T06:00:17.150Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-06-20T14:31:05.824Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:angeljudesuarez:student_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7816C1E9-D65F-4652-A2F5-27FDEAA6B33D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. This affects an unknown part of the file login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269163."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en itsourcecode Student Management System 1.0 y clasificada como cr\u00edtica. Una parte desconocida del archivo login.php del componente Login Page es afectada. La manipulaci\u00f3n del argumento usuario conduce a la inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-269163."}], "id": "CVE-2024-6191", "lastModified": "2024-11-21T09:49:09.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-06-20T15:15:51.230", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/HryspaHodor/CVE/issues/3"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.269163"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?id.269163"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.359009"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/HryspaHodor/CVE/issues/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.269163"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://vuldb.com/?id.269163"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.359009"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}