{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7668", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-08-10T08:18:57.384Z", "datePublished": "2024-08-11T08:31:03.884Z", "dateUpdated": "2024-08-12T14:09:59.171Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-08-11T08:31:03.884Z"}, "title": "SourceCodester Car Driving School Management System Master.php delete_package sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 SQL Injection"}]}], "affected": [{"vendor": "SourceCodester", "product": "Car Driving School Management System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Car Driving School Management System 1.0 and classified as critical. This vulnerability affects the function delete_package of the file Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In SourceCodester Car Driving School Management System 1.0 wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion delete_package der Datei Master.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-08-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-08-10T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-08-10T10:24:26.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "BFS-Lab (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.274126", "name": "VDB-274126 | SourceCodester Car Driving School Management System Master.php delete_package sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.274126", "name": "VDB-274126 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.388772", "name": "Submit #388772 | SourceCodester Sourcecodester Car Driving School Management System 1.0 SQL injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-6.md", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "sourcecodester", "product": "car_driving_school_management_system", "cpes": ["cpe:2.3:a:sourcecodester:car_driving_school_management_system:1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-12T14:09:22.728499Z", "id": "CVE-2024-7668", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T14:09:59.171Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "SourceCodester Car Driving School Management System Master.php delete_package sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "BFS-Lab (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "SourceCodester", "product": "Car Driving School Management System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2024-08-10T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-08-10T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-08-10T10:24:26.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.274126", "name": "VDB-274126 | SourceCodester Car Driving School Management System Master.php delete_package sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.274126", "name": "VDB-274126 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.388772", "name": "Submit #388772 | SourceCodester Sourcecodester Car Driving School Management System 1.0 SQL injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-6.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Car Driving School Management System 1.0 and classified as critical. This vulnerability affects the function delete_package of the file Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "In SourceCodester Car Driving School Management System 1.0 wurde eine kritische Schwachstelle gefunden. Das betrifft die Funktion delete_package der Datei Master.php. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-08-11T08:31:03.884Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7668", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-12T14:09:22.728499Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sourcecodester:car_driving_school_management_system:1.0:*:*:*:*:*:*:*"], "vendor": "sourcecodester", "product": "car_driving_school_management_system", "versions": [{"status": "affected", "version": "1.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-08-12T14:09:53.075Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-7668", "state": "PUBLISHED", "dateUpdated": "2024-08-11T08:31:03.884Z", "dateReserved": "2024-08-10T08:18:57.384Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-08-11T08:31:03.884Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oretnom23:car_driving_school_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "227C699A-1CA9-4101-8867-969988C2E03C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Car Driving School Management System 1.0 and classified as critical. This vulnerability affects the function delete_package of the file Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en SourceCodester Car Driving School Management System 1.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n eliminar_paquete del archivo Master.php. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."}], "id": "CVE-2024-7668", "lastModified": "2024-08-15T18:03:27.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-08-12T13:38:52.580", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-6.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.274126"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.274126"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.388772"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}