github - ghsa-29f6-wqmr-45g7

ghsa-29f6-wqmr-45g7

Vulnerability from github

Published

2024-07-22 03:30

Modified

2024-07-22 03:30

Severity

6.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Details

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employee_gatepass/admin/?page=employee/manage_employee. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272121 was assigned to this vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-6967"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-22T03:15:02Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employee_gatepass/admin/?page=employee/manage_employee. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272121 was assigned to this vulnerability.",
  "id": "GHSA-29f6-wqmr-45g7",
  "modified": "2024-07-22T03:30:24Z",
  "published": "2024-07-22T03:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6967"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rtsjx-cve/cve/blob/main/sql.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.272121"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.272121"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.378101"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

cve-2024-6967

Vulnerability from cvelistv5

Published

2024-07-22 02:31

Modified

2024-08-01 21:45

Severity

5.3 (Medium) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

SourceCodester Employee and Visitor Gate Pass Logging System sql injection

References

URL	Tags
https://vuldb.com/?id.272121	vdb-entry, technical-description
https://vuldb.com/?ctiid.272121	signature, permissions-required
https://vuldb.com/?submit.378101	third-party-advisory
https://github.com/rtsjx-cve/cve/blob/main/sql.md	exploit

Impacted products

Vendor	Product
SourceCodester	Employee and Visitor Gate Pass Logging System

Show details on NVD website