A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update.php. The manipulation of the argument tbl_person_id/first_name/middle_name/last_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
History

Tue, 10 Sep 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Rems
Rems php Crud
CPEs cpe:2.3:a:rems:php_crud:1.0:*:*:*:*:*:*:*
Vendors & Products Rems
Rems php Crud

Mon, 09 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Egavilanmedia
Egavilanmedia phpcrud
CPEs cpe:2.3:a:egavilanmedia:phpcrud:1.0:*:*:*:*:*:*:*
Vendors & Products Egavilanmedia
Egavilanmedia phpcrud
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 07 Sep 2024 20:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update.php. The manipulation of the argument tbl_person_id/first_name/middle_name/last_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Title SourceCodester PHP CRUD update.php sql injection
Weaknesses CWE-89
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-09-07T20:31:03.916Z

Updated: 2024-09-09T13:33:44.484Z

Reserved: 2024-09-06T21:36:41.601Z

Link: CVE-2024-8564

cve-icon Vulnrichment

Updated: 2024-09-09T13:23:23.659Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-07T21:15:10.160

Modified: 2024-09-10T15:38:42.570

Link: CVE-2024-8564

cve-icon Redhat

No data.