CVE-2024-50971

A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:angeljudesuarez:construction_management_system:1.0:*:*:*:*:*:*:*

History

14 Nov 2024, 14:54

Type Values Removed Values Added
First Time Angeljudesuarez construction Management System
Angeljudesuarez
References () https://github.com/Akhlak2511/CVE-2024-50971 - () https://github.com/Akhlak2511/CVE-2024-50971 - Third Party Advisory
References () https://itsourcecode.com/free-projects/php-project/construction-management-system-project-in-php-with-source-code/ - () https://itsourcecode.com/free-projects/php-project/construction-management-system-project-in-php-with-source-code/ - Product
CPE cpe:2.3:a:angeljudesuarez:construction_management_system:1.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2
Summary
  • (es) Una vulnerabilidad de inyección SQL en print.php de Itsourcecode Construction Management System 1.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro map_id.
CWE CWE-89

13 Nov 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-13 16:15

Updated : 2024-11-18 20:35


NVD link : CVE-2024-50971

Mitre link : CVE-2024-50971

CVE.ORG link : CVE-2024-50971


JSON object : View

Products Affected

angeljudesuarez

  • construction_management_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')