A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
History

Mon, 18 Nov 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 online Veterinary Appointment System
CPEs cpe:2.3:a:oretnom23:online_veterinary_appointment_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 online Veterinary Appointment System

Fri, 08 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester online Veterinary Appointment System
CPEs cpe:2.3:a:sourcecodester:online_veterinary_appointment_system:*:*:*:*:*:*:*:*
Vendors & Products Sourcecodester
Sourcecodester online Veterinary Appointment System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 08 Nov 2024 04:45:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Title SourceCodester Online Veterinary Appointment System view_service.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-11-08T04:31:05.695Z

Updated: 2024-11-08T14:58:58.134Z

Reserved: 2024-11-07T20:27:25.989Z

Link: CVE-2024-10990

cve-icon Vulnrichment

Updated: 2024-11-08T14:58:51.053Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-08T05:15:05.690

Modified: 2024-11-18T18:42:26.973

Link: CVE-2024-10990

cve-icon Redhat

No data.