All the vulnerabilites related to code-projects - Farmacia
cve-2024-11259
Vulnerability from cvelistv5
Published
2024-11-15 20:00
Modified
2024-11-19 16:23
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.284717 | vdb-entry | |
https://vuldb.com/?ctiid.284717 | signature, permissions-required | |
https://vuldb.com/?submit.443398 | third-party-advisory | |
https://github.com/13u11erFly/cve/blob/main/xss.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:code-projects:farmacia:1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11259", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T16:22:59.588318Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T16:23:48.912Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "13utterFly (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "Eine Schwachstelle wurde in code-projects Farmacia 1.0 entdeckt. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /fornecedores.php. Durch Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross Site Scripting", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "Code Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T20:00:12.174Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-284717 | code-projects Farmacia fornecedores.php cross site scripting", "tags": [ "vdb-entry" ], "url": "https://vuldb.com/?id.284717" }, { "name": "VDB-284717 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.284717" }, { "name": "Submit #443398 | code-projects farmacia-in-php v1.0 Cross Site Scripting", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.443398" }, { "tags": [ "exploit" ], "url": "https://github.com/13u11erFly/cve/blob/main/xss.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-11-15T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-15T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-15T15:27:57.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia fornecedores.php cross site scripting" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-11259", "datePublished": "2024-11-15T20:00:12.174Z", "dateReserved": "2024-11-15T14:22:49.630Z", "dateUpdated": "2024-11-19T16:23:48.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11998
Vulnerability from cvelistv5
Published
2024-11-30 09:31
Modified
2024-12-02 16:11
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in code-projects Farmacia 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /visualizer-forneccedor.chp. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.286414 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.286414 | signature, permissions-required | |
https://vuldb.com/?submit.453706 | third-party-advisory | |
https://github.com/jaychou8023/cve/blob/main/sql1.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:codeprojects:farmacia:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "farmacia", "vendor": "codeprojects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11998", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-02T16:09:27.601966Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-02T16:11:43.619Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "jaychou8023 (VulDB User)" }, { "lang": "en", "type": "analyst", "value": "jaychou8023 (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Farmacia 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /visualizer-forneccedor.chp. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "In code-projects Farmacia 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /visualizer-forneccedor.chp. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "SQL Injection", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-74", "description": "Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-30T09:31:04.641Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-286414 | code-projects Farmacia visualizer-forneccedor.chp sql injection", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.286414" }, { "name": "VDB-286414 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.286414" }, { "name": "Submit #453706 | code-projects farmacia-in-php v1.0 SQL Injection", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.453706" }, { "tags": [ "exploit" ], "url": "https://github.com/jaychou8023/cve/blob/main/sql1.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-11-29T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-29T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-29T18:03:08.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia visualizer-forneccedor.chp sql injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-11998", "datePublished": "2024-11-30T09:31:04.641Z", "dateReserved": "2024-11-29T15:38:37.636Z", "dateUpdated": "2024-12-02T16:11:43.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12007
Vulnerability from cvelistv5
Published
2024-12-01 23:00
Modified
2024-12-02 22:15
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.286491 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.286491 | signature, permissions-required | |
https://vuldb.com/?submit.454715 | third-party-advisory | |
https://github.com/LamentXU123/cve/blob/main/cve-l.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:code-projects:farmacia:1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-12007", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-02T22:14:52.905594Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-02T22:15:29.922Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "LamentXU (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "Es wurde eine kritische Schwachstelle in code-projects Farmacia 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /visualizar-produto.php. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "SQL Injection", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-74", "description": "Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-01T23:00:12.257Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-286491 | code-projects Farmacia visualizar-produto.php sql injection", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.286491" }, { "name": "VDB-286491 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.286491" }, { "name": "Submit #454715 | code-projects farmacia-in-php v1.0 SQL Injection", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.454715" }, { "tags": [ "exploit" ], "url": "https://github.com/LamentXU123/cve/blob/main/cve-l.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-12-01T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-12-01T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-12-01T12:26:14.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia visualizar-produto.php sql injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-12007", "datePublished": "2024-12-01T23:00:12.257Z", "dateReserved": "2024-12-01T11:20:54.514Z", "dateUpdated": "2024-12-02T22:15:29.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11997
Vulnerability from cvelistv5
Published
2024-11-30 08:00
Modified
2024-12-05 16:09
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file /vendas.php. The manipulation of the argument notaFiscal leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.286413 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.286413 | signature, permissions-required | |
https://vuldb.com/?submit.453703 | third-party-advisory | |
https://github.com/jaychou8023/cve/blob/main/xss2.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:code-projects:farmacia:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11997", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T16:07:37.177458Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T16:09:24.526Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "jaychou8023 (VulDB User)" }, { "lang": "en", "type": "analyst", "value": "jaychou8023 (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file /vendas.php. The manipulation of the argument notaFiscal leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in code-projects Farmacia 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /vendas.php. Mittels Manipulieren des Arguments notaFiscal mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross Site Scripting", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "Code Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-30T08:00:14.848Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-286413 | code-projects Farmacia vendas.php cross site scripting", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.286413" }, { "name": "VDB-286413 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.286413" }, { "name": "Submit #453703 | code-projects farmacia-in-php v1.0 Cross Site Scripting", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.453703" }, { "tags": [ "exploit" ], "url": "https://github.com/jaychou8023/cve/blob/main/xss2.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-11-29T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-29T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-29T18:02:59.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia vendas.php cross site scripting" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-11997", "datePublished": "2024-11-30T08:00:14.848Z", "dateReserved": "2024-11-29T15:38:34.833Z", "dateUpdated": "2024-12-05T16:09:24.526Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11244
Vulnerability from cvelistv5
Published
2024-11-15 15:31
Modified
2024-11-15 16:44
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.284680 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.284680 | signature, permissions-required | |
https://vuldb.com/?submit.443177 | third-party-advisory | |
https://github.com/zsx020121/cve/blob/main/sql.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:code-projects:farmacia:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11244", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:43:44.041546Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T16:44:38.176Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "zsx020121 (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "In code-projects Farmacia 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /editar-cliente.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "SQL Injection", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-74", "description": "Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:31:04.987Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-284680 | code-projects Farmacia editar-cliente.php sql injection", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.284680" }, { "name": "VDB-284680 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.284680" }, { "name": "Submit #443177 | code-projects farmacia-in-php v1.0 sql injection", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.443177" }, { "tags": [ "exploit" ], "url": "https://github.com/zsx020121/cve/blob/main/sql.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-11-15T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-15T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-15T08:35:51.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia editar-cliente.php sql injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-11244", "datePublished": "2024-11-15T15:31:04.987Z", "dateReserved": "2024-11-15T07:30:41.467Z", "dateUpdated": "2024-11-15T16:44:38.176Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12492
Vulnerability from cvelistv5
Published
2024-12-11 23:00
Modified
2024-12-12 15:39
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in code-projects Farmacia 1.0. It has been rated as critical. This issue affects some unknown processing of the file /visualizar-usuario.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.287873 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.287873 | signature, permissions-required | |
https://vuldb.com/?submit.459115 | third-party-advisory | |
https://github.com/A1ph4D3v1l/cve/blob/main/sql-x.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12492", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-12T15:38:58.872018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-12T15:39:11.302Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "hello vuldb (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Farmacia 1.0. It has been rated as critical. This issue affects some unknown processing of the file /visualizar-usuario.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "Eine Schwachstelle wurde in code-projects Farmacia 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /visualizar-usuario.php. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "SQL Injection", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-74", "description": "Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-11T23:00:16.332Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-287873 | code-projects Farmacia visualizar-usuario.php sql injection", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.287873" }, { "name": "VDB-287873 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.287873" }, { "name": "Submit #459115 | code-projects farmacia v1.0 php sql injection", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.459115" }, { "tags": [ "exploit" ], "url": "https://github.com/A1ph4D3v1l/cve/blob/main/sql-x.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-12-11T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-12-11T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-12-11T14:01:20.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia visualizar-usuario.php sql injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-12492", "datePublished": "2024-12-11T23:00:16.332Z", "dateReserved": "2024-12-11T12:56:16.266Z", "dateUpdated": "2024-12-12T15:39:11.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11995
Vulnerability from cvelistv5
Published
2024-11-29 21:00
Modified
2024-12-05 16:16
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability has been found in code-projects Farmacia 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /pagamento.php. The manipulation of the argument total leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.286411 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.286411 | signature, permissions-required | |
https://vuldb.com/?submit.453639 | third-party-advisory | |
https://github.com/5p4rk/cve/blob/main/xss.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:code-projects:farmacia:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11995", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T16:15:24.856535Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T16:16:11.077Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "sp4rksec (VulDB User)" }, { "lang": "en", "type": "analyst", "value": "sp4rksec (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in code-projects Farmacia 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /pagamento.php. The manipulation of the argument total leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "In code-projects Farmacia 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /pagamento.php. Durch Manipulation des Arguments total mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross Site Scripting", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "Code Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-29T21:00:12.797Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-286411 | code-projects Farmacia pagamento.php cross site scripting", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.286411" }, { "name": "VDB-286411 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.286411" }, { "name": "Submit #453639 | code-projects farmacia-in-php v1.0 Cross Site Scripting", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.453639" }, { "tags": [ "exploit" ], "url": "https://github.com/5p4rk/cve/blob/main/xss.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-11-29T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-29T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-29T18:02:42.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia pagamento.php cross site scripting" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-11995", "datePublished": "2024-11-29T21:00:12.797Z", "dateReserved": "2024-11-29T15:38:29.125Z", "dateUpdated": "2024-12-05T16:16:11.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11660
Vulnerability from cvelistv5
Published
2024-11-25 07:00
Modified
2024-11-25 20:59
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.285981 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.285981 | signature, permissions-required | |
https://vuldb.com/?submit.446925 | third-party-advisory | |
https://github.com/evo-ose/cve/blob/main/xss9.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:code-projects:farmacia:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11660", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-25T20:58:44.208399Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-25T20:59:37.334Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Eevo (VulDB User)" }, { "lang": "en", "type": "analyst", "value": "Eevo (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in code-projects Farmacia 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei usuario.php. Durch die Manipulation des Arguments name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross Site Scripting", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "Code Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-25T07:00:18.844Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-285981 | code-projects Farmacia usuario.php cross site scripting", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.285981" }, { "name": "VDB-285981 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.285981" }, { "name": "Submit #446925 | code-projects farmacia-in-php v1.0 Cross Site Scripting", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.446925" }, { "tags": [ "exploit" ], "url": "https://github.com/evo-ose/cve/blob/main/xss9.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-11-24T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-24T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-25T07:24:11.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia usuario.php cross site scripting" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-11660", "datePublished": "2024-11-25T07:00:18.844Z", "dateReserved": "2024-11-24T15:16:58.873Z", "dateUpdated": "2024-11-25T20:59:37.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11996
Vulnerability from cvelistv5
Published
2024-11-30 07:31
Modified
2024-12-05 16:12
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The manipulation of the argument cidade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.286412 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.286412 | signature, permissions-required | |
https://vuldb.com/?submit.453702 | third-party-advisory | |
https://github.com/jaychou8023/cve/blob/main/xss1.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:code-projects:farmacia:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11996", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T16:11:26.771112Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T16:12:22.018Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "jaychou8023 (VulDB User)" }, { "lang": "en", "type": "analyst", "value": "jaychou8023 (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The manipulation of the argument cidade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." }, { "lang": "de", "value": "Eine Schwachstelle wurde in code-projects Farmacia 1.0 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /editar-fornecedor.php. Mittels dem Manipulieren des Arguments cidade mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross Site Scripting", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "Code Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-30T07:31:05.239Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-286412 | code-projects Farmacia editar-fornecedor.php cross site scripting", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.286412" }, { "name": "VDB-286412 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.286412" }, { "name": "Submit #453702 | code-projects farmacia v1.0 Cross Site Scripting", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.453702" }, { "tags": [ "exploit" ], "url": "https://github.com/jaychou8023/cve/blob/main/xss1.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-11-29T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-29T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-29T18:02:51.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia editar-fornecedor.php cross site scripting" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-11996", "datePublished": "2024-11-30T07:31:05.239Z", "dateReserved": "2024-11-29T15:38:32.142Z", "dateUpdated": "2024-12-05T16:12:22.018Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11246
Vulnerability from cvelistv5
Published
2024-11-15 16:00
Modified
2024-11-15 16:31
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter "nome" to be affected. But further inspection indicates that other parameters might be affected as well.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.284682 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.284682 | signature, permissions-required | |
https://vuldb.com/?submit.443189 | third-party-advisory | |
https://github.com/curry136/cve/blob/main/xss8.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:code-projects:farmacia:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11246", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:29:32.497072Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T16:31:32.741Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "curry136 (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter \"nome\" to be affected. But further inspection indicates that other parameters might be affected as well." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in code-projects Farmacia 1.0 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /adicionar-cliente.php. Mit der Manipulation des Arguments nome/cpf/dataNascimento mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Cross Site Scripting", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "Code Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T16:00:10.038Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-284682 | code-projects Farmacia adicionar-cliente.php cross site scripting", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.284682" }, { "name": "VDB-284682 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.284682" }, { "name": "Submit #443189 | code-projects farmacia-in-php 1 Cross Site Scripting", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.443189" }, { "tags": [ "exploit" ], "url": "https://github.com/curry136/cve/blob/main/xss8.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-11-15T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-15T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-15T08:35:54.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia adicionar-cliente.php cross site scripting" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-11246", "datePublished": "2024-11-15T16:00:10.038Z", "dateReserved": "2024-11-15T07:30:46.490Z", "dateUpdated": "2024-11-15T16:31:32.741Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11968
Vulnerability from cvelistv5
Published
2024-11-28 18:00
Modified
2024-11-29 15:08
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.286351 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.286351 | signature, permissions-required | |
https://vuldb.com/?submit.452877 | third-party-advisory | |
https://github.com/xiaobai19198/cve/blob/main/sql-cve.md | related | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:code-projects:farmacia:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-11968", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-29T15:07:39.709981Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-29T15:08:29.281Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "xiaobai233 (VulDB User)" }, { "lang": "en", "type": "analyst", "value": "xiaobai233 (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely." }, { "lang": "de", "value": "In code-projects Farmacia bis 1.0 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei pagamento.php. Durch Beeinflussen des Arguments notaFiscal mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "SQL Injection", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-74", "description": "Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-28T18:00:17.415Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-286351 | code-projects Farmacia pagamento.php sql injection", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.286351" }, { "name": "VDB-286351 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.286351" }, { "name": "Submit #452877 | code-projects farmacia-in-php v1.0 sql injection", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.452877" }, { "tags": [ "related" ], "url": "https://github.com/xiaobai19198/cve/blob/main/sql-cve.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-11-28T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-28T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-28T14:25:45.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia pagamento.php sql injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-11968", "datePublished": "2024-11-28T18:00:17.415Z", "dateReserved": "2024-11-28T09:19:05.863Z", "dateUpdated": "2024-11-29T15:08:29.281Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-11245
Vulnerability from cvelistv5
Published
2024-11-15 15:31
Modified
2024-11-15 16:42
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.284681 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.284681 | signature, permissions-required | |
https://vuldb.com/?submit.443188 | third-party-advisory | |
https://github.com/WEFNNTT/cve/blob/main/sql.md | exploit | |
https://code-projects.org/ | product |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | code-projects | Farmacia |
Version: 1.0 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-11245", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:42:05.357344Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T16:42:26.323Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Farmacia", "vendor": "code-projects", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "WEFNNTT (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "Eine Schwachstelle wurde in code-projects Farmacia 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /editar-produto.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "SQL Injection", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-74", "description": "Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:31:06.619Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-284681 | code-projects Farmacia editar-produto.php sql injection", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.284681" }, { "name": "VDB-284681 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.284681" }, { "name": "Submit #443188 | code-projects farmacia-in-php system v1.0 SQL Injection", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.443188" }, { "tags": [ "exploit" ], "url": "https://github.com/WEFNNTT/cve/blob/main/sql.md" }, { "tags": [ "product" ], "url": "https://code-projects.org/" } ], "timeline": [ { "lang": "en", "time": "2024-11-15T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-11-15T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-11-15T08:35:53.000Z", "value": "VulDB entry last update" } ], "title": "code-projects Farmacia editar-produto.php sql injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-11245", "datePublished": "2024-11-15T15:31:06.619Z", "dateReserved": "2024-11-15T07:30:43.751Z", "dateUpdated": "2024-11-15T16:42:26.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }