MEDIUM🇵🇱 Wersja polska

CVE-2024-5048

CVSS 5.3v4.0pub. 2024-05-17upd. 2025-03-03

A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264745 was assigned to this vulnerability.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Code Projects Budget Management

    APP
    Code-Projects
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-34955CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Code-Projects Budget Management via parametr delete

CVE-2024-34954MEDIUM6.1ten sam produkt

Code-projects Budget Management 1.0 is vulnerable to Cross Site Scripting (XSS) via the budget parameter.

CVE-2025-60306CRITICAL9.9PL ✓ten sam vendor

Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień

CVE-2023-41505CRITICAL9.8PL ✓ten sam vendor

Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP

CVE-2024-24093CRITICAL9.8PL ✓ten sam vendor

SQL Injection w Code-Projects Scholars Tracking System 1.0