MEDIUM🇬🇧 English

CVE-2024-5048

CVSS 5.3v4.0pub. 2024-05-17upd. 2025-03-03

A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264745 was assigned to this vulnerability.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Code Projects Budget Management

    APP
    Code-Projects
    1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2024-34955CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Code-Projects Budget Management via parametr delete

CVE-2024-34954MEDIUM6.1ten sam produkt

Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter.

CVE-2025-60306CRITICAL9.9PL ✓ten sam vendor

Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień

CVE-2023-41505CRITICAL9.8PL ✓ten sam vendor

Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP

CVE-2024-24093CRITICAL9.8PL ✓ten sam vendor

SQL Injection w Code-Projects Scholars Tracking System 1.0

CVE-2024-5048 — MEDIUM 5.3 | CVEbaza.pl