A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://code-projects.org/ | Product |
https://github.com/AXUyaku/cve/issues/1 | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.282617 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.282617 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.434785 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2024-11-01 01:15
Updated : 2024-11-05 16:21
NVD link : CVE-2024-10608
Mitre link : CVE-2024-10608
CVE.ORG link : CVE-2024-10608
JSON object : View
Products Affected
carmelogarcia
- courier_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')