CVE-2024-10609

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. This affects an unknown part of the file typeadd.php. The manipulation of the argument sex leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/Lanxiy7th/lx_CVE_report-/issues/17 Exploit Third Party Advisory
https://itsourcecode.com/ Product
https://vuldb.com/?ctiid.282621 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.282621 Third Party Advisory VDB Entry
https://vuldb.com/?submit.434841 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:angeljudesuarez:tailoring_management_system:1.0:*:*:*:*:*:*:*

History

05 Nov 2024, 16:22

Type Values Removed Values Added
CPE cpe:2.3:a:angeljudesuarez:tailoring_management_system:1.0:*:*:*:*:*:*:*
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en itsourcecode Tailoring Management System Project 1.0. Afecta a una parte desconocida del archivo typeadd.php. La manipulación del argumento sex provoca inyección SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.
First Time Angeljudesuarez tailoring Management System
Angeljudesuarez
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 9.8
References () https://github.com/Lanxiy7th/lx_CVE_report-/issues/17 - () https://github.com/Lanxiy7th/lx_CVE_report-/issues/17 - Exploit, Third Party Advisory
References () https://itsourcecode.com/ - () https://itsourcecode.com/ - Product
References () https://vuldb.com/?ctiid.282621 - () https://vuldb.com/?ctiid.282621 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.282621 - () https://vuldb.com/?id.282621 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.434841 - () https://vuldb.com/?submit.434841 - Third Party Advisory, VDB Entry

01 Nov 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-01 01:15

Updated : 2024-11-05 16:22


NVD link : CVE-2024-10609

Mitre link : CVE-2024-10609

CVE.ORG link : CVE-2024-10609


JSON object : View

Products Affected

angeljudesuarez

  • tailoring_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')