github - ghsa-v589-hwp6-crrx

ghsa-v589-hwp6-crrx

Vulnerability from github

Published

2024-09-07 15:30

Modified

2024-09-07 15:30

Severity

6.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Details

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. This affects an unknown part of the file /foms/routers/cancel-order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-8557"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-07T15:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. This affects an unknown part of the file /foms/routers/cancel-order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-v589-hwp6-crrx",
  "modified": "2024-09-07T15:30:30Z",
  "published": "2024-09-07T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8557"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tldjgggg/cve/blob/main/sql2.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.276777"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.276777"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.403082"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

cve-2024-8557

Vulnerability from cvelistv5

Published

2024-09-07 15:00

Modified

2024-09-09 17:46

Severity

5.3 (Medium) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

SourceCodester Food Ordering Management System cancel-order.php sql injection

References

URL	Tags
https://vuldb.com/?id.276777	vdb-entry, technical-description
https://vuldb.com/?ctiid.276777	signature, permissions-required
https://vuldb.com/?submit.403082	third-party-advisory
https://github.com/tldjgggg/cve/blob/main/sql2.md	exploit
https://www.sourcecodester.com/	product

Impacted products

Vendor	Product
SourceCodester	Food Ordering Management System

Show details on NVD website