Search criteria
12 vulnerabilities found for Alton Management System by itsourcecode
CVE-2024-7278 (GCVE-0-2024-7278)
Vulnerability from cvelistv5 – Published: 2024-07-31 00:00 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System team_save.php sql injection
Summary
A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_save.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273147.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7278",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T16:22:29.585760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T16:22:57.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273147 | itsourcecode Alton Management System team_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273147"
},
{
"name": "VDB-273147 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273147"
},
{
"name": "Submit #381096 | itsourcecode Alton Management System 1.0 SQLi team_save.php",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381096"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-6.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_save.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273147."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in itsourcecode Alton Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/team_save.php. Mittels Manipulieren des Arguments team mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T00:00:08.789Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273147 | itsourcecode Alton Management System team_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273147"
},
{
"name": "VDB-273147 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273147"
},
{
"name": "Submit #381096 | itsourcecode Alton Management System 1.0 SQLi team_save.php",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381096"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-6.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System team_save.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7278",
"datePublished": "2024-07-31T00:00:08.789Z",
"dateReserved": "2024-07-30T13:29:36.996Z",
"dateUpdated": "2024-08-01T21:52:31.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7277 (GCVE-0-2024-7277)
Vulnerability from cvelistv5 – Published: 2024-07-30 23:31 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System Add a Menu menu.php unrestricted upload
Summary
A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273146 is the identifier assigned to this vulnerability.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7277",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T18:16:51.842436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T18:21:01.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273146 | itsourcecode Alton Management System Add a Menu menu.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273146"
},
{
"name": "VDB-273146 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273146"
},
{
"name": "Submit #381095 | itsourcecode Alton Management System 1.0 File Upload",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381095"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-5.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Add a Menu"
],
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273146 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in itsourcecode Alton Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/menu.php der Komponente Add a Menu. Mittels dem Manipulieren des Arguments image mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T23:31:04.329Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273146 | itsourcecode Alton Management System Add a Menu menu.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273146"
},
{
"name": "VDB-273146 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273146"
},
{
"name": "Submit #381095 | itsourcecode Alton Management System 1.0 File Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381095"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-5.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System Add a Menu menu.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7277",
"datePublished": "2024-07-30T23:31:04.329Z",
"dateReserved": "2024-07-30T13:29:34.074Z",
"dateUpdated": "2024-08-01T21:52:31.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7276 (GCVE-0-2024-7276)
Vulnerability from cvelistv5 – Published: 2024-07-30 23:00 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System member_save.php sql injection
Summary
A vulnerability has been found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/member_save.php. The manipulation of the argument last/first leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273145 was assigned to this vulnerability.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7276",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T14:51:04.882250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T14:52:00.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273145 | itsourcecode Alton Management System member_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273145"
},
{
"name": "VDB-273145 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273145"
},
{
"name": "Submit #381094 | itsourcecode Alton Management System 1.0 member_save.php",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381094"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-4.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/member_save.php. The manipulation of the argument last/first leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273145 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In itsourcecode Alton Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin/member_save.php. Durch Manipulation des Arguments last/first mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T23:00:06.862Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273145 | itsourcecode Alton Management System member_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273145"
},
{
"name": "VDB-273145 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273145"
},
{
"name": "Submit #381094 | itsourcecode Alton Management System 1.0 member_save.php",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381094"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-4.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System member_save.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7276",
"datePublished": "2024-07-30T23:00:06.862Z",
"dateReserved": "2024-07-30T13:29:31.264Z",
"dateUpdated": "2024-08-01T21:52:31.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7275 (GCVE-0-2024-7275)
Vulnerability from cvelistv5 – Published: 2024-07-30 22:31 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System category_save.php sql injection
Summary
A vulnerability, which was classified as critical, was found in itsourcecode Alton Management System 1.0. Affected is an unknown function of the file /admin/category_save.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273144.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7275",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T15:10:50.716831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T15:11:13.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273144 | itsourcecode Alton Management System category_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273144"
},
{
"name": "VDB-273144 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273144"
},
{
"name": "Submit #381093 | itsourcecode Alton Management System 1.0 SQLi category_save.php",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381093"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-3.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in itsourcecode Alton Management System 1.0. Affected is an unknown function of the file /admin/category_save.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273144."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in itsourcecode Alton Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/category_save.php. Durch die Manipulation des Arguments category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T22:31:04.041Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273144 | itsourcecode Alton Management System category_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273144"
},
{
"name": "VDB-273144 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273144"
},
{
"name": "Submit #381093 | itsourcecode Alton Management System 1.0 SQLi category_save.php",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381093"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-3.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System category_save.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7275",
"datePublished": "2024-07-30T22:31:04.041Z",
"dateReserved": "2024-07-30T13:29:28.449Z",
"dateUpdated": "2024-08-01T21:52:31.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7274 (GCVE-0-2024-7274)
Vulnerability from cvelistv5 – Published: 2024-07-30 21:31 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System reservation_status.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in itsourcecode Alton Management System 1.0. This issue affects some unknown processing of the file /reservation_status.php. The manipulation of the argument rcode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273143.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7274",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T15:03:32.178970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:04:28.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273143 | itsourcecode Alton Management System reservation_status.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273143"
},
{
"name": "VDB-273143 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273143"
},
{
"name": "Submit #381091 | itsourcecode Alton Management System 1.0 SQLi retation_status.php",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381091"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in itsourcecode Alton Management System 1.0. This issue affects some unknown processing of the file /reservation_status.php. The manipulation of the argument rcode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273143."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in itsourcecode Alton Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /reservation_status.php. Mit der Manipulation des Arguments rcode mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T21:31:04.387Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273143 | itsourcecode Alton Management System reservation_status.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273143"
},
{
"name": "VDB-273143 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273143"
},
{
"name": "Submit #381091 | itsourcecode Alton Management System 1.0 SQLi retation_status.php",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381091"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System reservation_status.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7274",
"datePublished": "2024-07-30T21:31:04.387Z",
"dateReserved": "2024-07-30T13:29:25.687Z",
"dateUpdated": "2024-08-01T21:52:31.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7273 (GCVE-0-2024-7273)
Vulnerability from cvelistv5 – Published: 2024-07-30 20:31 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System search.php sql injection
Summary
A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. This vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273142 is the identifier assigned to this vulnerability.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7273",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:26:35.911041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T14:15:30.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273142 | itsourcecode Alton Management System search.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273142"
},
{
"name": "VDB-273142 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273142"
},
{
"name": "Submit #381089 | itsourcecode Alton Management System 1.0 SQLi search.php",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381089"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. This vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273142 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In itsourcecode Alton Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei search.php. Dank Manipulation des Arguments rcode mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T20:31:04.105Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273142 | itsourcecode Alton Management System search.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273142"
},
{
"name": "VDB-273142 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273142"
},
{
"name": "Submit #381089 | itsourcecode Alton Management System 1.0 SQLi search.php",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381089"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System search.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7273",
"datePublished": "2024-07-30T20:31:04.105Z",
"dateReserved": "2024-07-30T13:29:22.125Z",
"dateUpdated": "2024-08-01T21:52:31.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7278 (GCVE-0-2024-7278)
Vulnerability from nvd – Published: 2024-07-31 00:00 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System team_save.php sql injection
Summary
A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_save.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273147.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7278",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T16:22:29.585760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T16:22:57.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273147 | itsourcecode Alton Management System team_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273147"
},
{
"name": "VDB-273147 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273147"
},
{
"name": "Submit #381096 | itsourcecode Alton Management System 1.0 SQLi team_save.php",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381096"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-6.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_save.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273147."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in itsourcecode Alton Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/team_save.php. Mittels Manipulieren des Arguments team mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T00:00:08.789Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273147 | itsourcecode Alton Management System team_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273147"
},
{
"name": "VDB-273147 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273147"
},
{
"name": "Submit #381096 | itsourcecode Alton Management System 1.0 SQLi team_save.php",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381096"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-6.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System team_save.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7278",
"datePublished": "2024-07-31T00:00:08.789Z",
"dateReserved": "2024-07-30T13:29:36.996Z",
"dateUpdated": "2024-08-01T21:52:31.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7277 (GCVE-0-2024-7277)
Vulnerability from nvd – Published: 2024-07-30 23:31 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System Add a Menu menu.php unrestricted upload
Summary
A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273146 is the identifier assigned to this vulnerability.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7277",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T18:16:51.842436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T18:21:01.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273146 | itsourcecode Alton Management System Add a Menu menu.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273146"
},
{
"name": "VDB-273146 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273146"
},
{
"name": "Submit #381095 | itsourcecode Alton Management System 1.0 File Upload",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381095"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-5.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Add a Menu"
],
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273146 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in itsourcecode Alton Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/menu.php der Komponente Add a Menu. Mittels dem Manipulieren des Arguments image mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T23:31:04.329Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273146 | itsourcecode Alton Management System Add a Menu menu.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273146"
},
{
"name": "VDB-273146 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273146"
},
{
"name": "Submit #381095 | itsourcecode Alton Management System 1.0 File Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381095"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-5.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System Add a Menu menu.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7277",
"datePublished": "2024-07-30T23:31:04.329Z",
"dateReserved": "2024-07-30T13:29:34.074Z",
"dateUpdated": "2024-08-01T21:52:31.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7276 (GCVE-0-2024-7276)
Vulnerability from nvd – Published: 2024-07-30 23:00 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System member_save.php sql injection
Summary
A vulnerability has been found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/member_save.php. The manipulation of the argument last/first leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273145 was assigned to this vulnerability.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7276",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T14:51:04.882250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T14:52:00.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273145 | itsourcecode Alton Management System member_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273145"
},
{
"name": "VDB-273145 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273145"
},
{
"name": "Submit #381094 | itsourcecode Alton Management System 1.0 member_save.php",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381094"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-4.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/member_save.php. The manipulation of the argument last/first leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273145 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In itsourcecode Alton Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin/member_save.php. Durch Manipulation des Arguments last/first mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T23:00:06.862Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273145 | itsourcecode Alton Management System member_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273145"
},
{
"name": "VDB-273145 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273145"
},
{
"name": "Submit #381094 | itsourcecode Alton Management System 1.0 member_save.php",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381094"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-4.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System member_save.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7276",
"datePublished": "2024-07-30T23:00:06.862Z",
"dateReserved": "2024-07-30T13:29:31.264Z",
"dateUpdated": "2024-08-01T21:52:31.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7275 (GCVE-0-2024-7275)
Vulnerability from nvd – Published: 2024-07-30 22:31 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System category_save.php sql injection
Summary
A vulnerability, which was classified as critical, was found in itsourcecode Alton Management System 1.0. Affected is an unknown function of the file /admin/category_save.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273144.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7275",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T15:10:50.716831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T15:11:13.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273144 | itsourcecode Alton Management System category_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273144"
},
{
"name": "VDB-273144 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273144"
},
{
"name": "Submit #381093 | itsourcecode Alton Management System 1.0 SQLi category_save.php",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381093"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-3.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in itsourcecode Alton Management System 1.0. Affected is an unknown function of the file /admin/category_save.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273144."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in itsourcecode Alton Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/category_save.php. Durch die Manipulation des Arguments category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T22:31:04.041Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273144 | itsourcecode Alton Management System category_save.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273144"
},
{
"name": "VDB-273144 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273144"
},
{
"name": "Submit #381093 | itsourcecode Alton Management System 1.0 SQLi category_save.php",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381093"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-3.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System category_save.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7275",
"datePublished": "2024-07-30T22:31:04.041Z",
"dateReserved": "2024-07-30T13:29:28.449Z",
"dateUpdated": "2024-08-01T21:52:31.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7274 (GCVE-0-2024-7274)
Vulnerability from nvd – Published: 2024-07-30 21:31 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System reservation_status.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in itsourcecode Alton Management System 1.0. This issue affects some unknown processing of the file /reservation_status.php. The manipulation of the argument rcode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273143.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7274",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T15:03:32.178970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:04:28.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273143 | itsourcecode Alton Management System reservation_status.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273143"
},
{
"name": "VDB-273143 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273143"
},
{
"name": "Submit #381091 | itsourcecode Alton Management System 1.0 SQLi retation_status.php",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381091"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in itsourcecode Alton Management System 1.0. This issue affects some unknown processing of the file /reservation_status.php. The manipulation of the argument rcode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273143."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in itsourcecode Alton Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /reservation_status.php. Mit der Manipulation des Arguments rcode mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T21:31:04.387Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273143 | itsourcecode Alton Management System reservation_status.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273143"
},
{
"name": "VDB-273143 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273143"
},
{
"name": "Submit #381091 | itsourcecode Alton Management System 1.0 SQLi retation_status.php",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381091"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System reservation_status.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7274",
"datePublished": "2024-07-30T21:31:04.387Z",
"dateReserved": "2024-07-30T13:29:25.687Z",
"dateUpdated": "2024-08-01T21:52:31.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7273 (GCVE-0-2024-7273)
Vulnerability from nvd – Published: 2024-07-30 20:31 – Updated: 2024-08-01 21:52
VLAI?
Title
itsourcecode Alton Management System search.php sql injection
Summary
A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. This vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273142 is the identifier assigned to this vulnerability.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Alton Management System |
Affected:
1.0
|
Credits
Dee.Mirage (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:itsourcecode:alton_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alton_management_system",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7273",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:26:35.911041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T14:15:30.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-273142 | itsourcecode Alton Management System search.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.273142"
},
{
"name": "VDB-273142 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.273142"
},
{
"name": "Submit #381089 | itsourcecode Alton Management System 1.0 SQLi search.php",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.381089"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Alton Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dee.Mirage (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. This vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273142 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In itsourcecode Alton Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei search.php. Dank Manipulation des Arguments rcode mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T20:31:04.105Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-273142 | itsourcecode Alton Management System search.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.273142"
},
{
"name": "VDB-273142 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.273142"
},
{
"name": "Submit #381089 | itsourcecode Alton Management System 1.0 SQLi search.php",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.381089"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-30T15:34:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Alton Management System search.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7273",
"datePublished": "2024-07-30T20:31:04.105Z",
"dateReserved": "2024-07-30T13:29:22.125Z",
"dateUpdated": "2024-08-01T21:52:31.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}