CVE-2024-10739

A vulnerability, which was classified as critical, has been found in code-projects E-Health Care System 1.0. Affected by this issue is some unknown functionality of the file /Admin/adminlogin.php. The manipulation of the argument email/admin_pswd as part of String leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "email" to be affected. But it must be assumed that parameter "admin_pswd" is affected as well.
References
Link Resource
https://code-projects.org/ Product
https://github.com/UnrealdDei/cve/blob/main/sql11.md Exploit
https://vuldb.com/?ctiid.282908 Permissions Required VDB Entry
https://vuldb.com/?id.282908 Third Party Advisory VDB Entry
https://vuldb.com/?submit.436014 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:anisha:e-health_care_system:1.0:*:*:*:*:*:*:*

History

05 Nov 2024, 20:16

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad, que se ha clasificado como crítica, en code-projects E-Health Care System 1.0. Este problema afecta a una funcionalidad desconocida del archivo /Admin/adminlogin.php. La manipulación del argumento email/admin_pswd como parte de String provoca una inyección SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse. El aviso inicial para investigadores solo menciona que el parámetro "email" se verá afectado, pero se debe asumir que el parámetro "admin_pswd" también se verá afectado.
CPE cpe:2.3:a:anisha:e-health_care_system:1.0:*:*:*:*:*:*:*
First Time Anisha
Anisha e-health Care System
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://github.com/UnrealdDei/cve/blob/main/sql11.md - () https://github.com/UnrealdDei/cve/blob/main/sql11.md - Exploit
References () https://vuldb.com/?ctiid.282908 - () https://vuldb.com/?ctiid.282908 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.282908 - () https://vuldb.com/?id.282908 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.436014 - () https://vuldb.com/?submit.436014 - Third Party Advisory, VDB Entry

03 Nov 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-03 18:15

Updated : 2024-11-05 20:16


NVD link : CVE-2024-10739

Mitre link : CVE-2024-10739

CVE.ORG link : CVE-2024-10739


JSON object : View

Products Affected

anisha

  • e-health_care_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')