github - ghsa-9q39-8jrg-38mq

ghsa-9q39-8jrg-38mq

Vulnerability from github

Published

2024-07-15 03:30

Modified

2024-07-15 03:30

Severity

6.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Details

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file view_employee.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271457 was assigned to this vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-6736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-15T01:15:02Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file view_employee.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271457 was assigned to this vulnerability.",
  "id": "GHSA-9q39-8jrg-38mq",
  "modified": "2024-07-15T03:30:57Z",
  "published": "2024-07-15T03:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6736"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ljllll123/cve/blob/main/sql.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.271457"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.271457"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.374485"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

cve-2024-6736

Vulnerability from cvelistv5

Published

2024-07-15 00:31

Modified

2024-08-01 21:41

Severity

5.3 (Medium) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

SourceCodester Employee and Visitor Gate Pass Logging System view_employee.php sql injection

References

URL	Tags
https://vuldb.com/?id.271457	vdb-entry, technical-description
https://vuldb.com/?ctiid.271457	signature, permissions-required
https://vuldb.com/?submit.374485	third-party-advisory
https://github.com/ljllll123/cve/blob/main/sql.md	exploit

Impacted products

Vendor	Product
SourceCodester	Employee and Visitor Gate Pass Logging System

Show details on NVD website