CVE-2024-12785

A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:angeljudesuarez:vehicle_management_system:1.0:*:*:*:*:*:*:*

History

07 Feb 2025, 14:58

Type Values Removed Values Added
CPE cpe:2.3:a:angeljudesuarez:vehicle_management_system:1.0:*:*:*:*:*:*:*
First Time Angeljudesuarez vehicle Management System
Angeljudesuarez
References () https://github.com/FinleyTang/Vehicle-Management-System/blob/main/Vehicle%20Management%20System%20sendmail.php%20has%20Sqlinjection.pdf - () https://github.com/FinleyTang/Vehicle-Management-System/blob/main/Vehicle%20Management%20System%20sendmail.php%20has%20Sqlinjection.pdf - Exploit, Third Party Advisory
References () https://itsourcecode.com/ - () https://itsourcecode.com/ - Product
References () https://vuldb.com/?ctiid.288961 - () https://vuldb.com/?ctiid.288961 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.288961 - () https://vuldb.com/?id.288961 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.462631 - () https://vuldb.com/?submit.462631 - Third Party Advisory, VDB Entry

19 Dec 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-12-19 15:15

Updated : 2025-02-07 14:58


NVD link : CVE-2024-12785

Mitre link : CVE-2024-12785

CVE.ORG link : CVE-2024-12785


JSON object : View

Products Affected

angeljudesuarez

  • vehicle_management_system
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')