A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://1000projects.org/ | Product |
https://github.com/Hacker0xone/CVE/issues/8 | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.284711 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.284711 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.443370 | Third Party Advisory VDB Entry |
Configurations
History
19 Nov 2024, 21:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://1000projects.org/ - Product | |
References | () https://github.com/Hacker0xone/CVE/issues/8 - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.284711 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?id.284711 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.443370 - Third Party Advisory, VDB Entry | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
First Time |
1000projects
1000projects portfolio Management System Mca |
|
CPE | cpe:2.3:a:1000projects:portfolio_management_system_mca:1.0:*:*:*:*:*:*:* |
18 Nov 2024, 17:11
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Nov 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-15 20:15
Updated : 2024-11-19 21:49
NVD link : CVE-2024-11256
Mitre link : CVE-2024-11256
CVE.ORG link : CVE-2024-11256
JSON object : View
Products Affected
1000projects
- portfolio_management_system_mca