CVE-2024-36673

{"id": "CVE-2024-36673", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-06-07T13:15:49.547", "references": [{"url": "https://github.com/CveSecLook/cve/issues/39", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/CveSecLook/cve/issues/39", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries."}, {"lang": "es", "value": "Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de login.php. Esta vulnerabilidad se debe a una validaci\u00f3n inadecuada de las entradas del usuario para los par\u00e1metros de correo electr\u00f3nico y contrase\u00f1a, lo que permite a los atacantes inyectar consultas SQL maliciosas."}], "lastModified": "2024-11-21T09:22:30.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pharmacy\\/medical_store_point_of_sale_system_project:pharmacy\\/medical_store_point_of_sale_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F27B3402-54AA-4DAF-BEF4-E6E6EB9EFEC1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}