A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
History

Wed, 21 Aug 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Janobe
Janobe point Of Sales And Inventory Management System
CPEs cpe:2.3:a:janobe:point_of_sales_and_inventory_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Janobe
Janobe point Of Sales And Inventory Management System

Tue, 20 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester point Of Sales And Inventory Management System
CPEs cpe:2.3:a:sourcecodester:point_of_sales_and_inventory_management_system:*:*:*:*:*:*:*:*
Vendors & Products Sourcecodester
Sourcecodester point Of Sales And Inventory Management System
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 20 Aug 2024 02:00:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title SourceCodester Point of Sales and Inventory Management System login.php sql injection
Weaknesses CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-08-20T01:31:05.292Z

Updated: 2024-08-20T16:22:32.385Z

Reserved: 2024-08-19T15:25:40.362Z

Link: CVE-2024-7947

cve-icon Vulnrichment

Updated: 2024-08-20T16:22:25.653Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-20T02:15:06.337

Modified: 2024-08-21T13:53:38.750

Link: CVE-2024-7947

cve-icon Redhat

No data.