CVE-2024-7118

A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this vulnerability is an unknown functionality of the file /department_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier VDB-272449 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/topsky979/Security-Collections/tree/main/cve9	Exploit Third Party Advisory
https://vuldb.com/?ctiid.272449	Permissions Required
https://vuldb.com/?id.272449	Third Party Advisory
https://vuldb.com/?submit.376890	Third Party Advisory
https://github.com/topsky979/Security-Collections/tree/main/cve9	Exploit Third Party Advisory
https://vuldb.com/?ctiid.272449	Permissions Required
https://vuldb.com/?id.272449	Third Party Advisory
https://vuldb.com/?submit.376890	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mdmafujulhasan:online-payroll-management-system:2023-09-11:*:*:*:*:*:*:*

History

21 Nov 2024, 09:50

Type	Values Removed	Values Added
References	~~() https://github.com/topsky979/Security-Collections/tree/main/cve9 - Exploit, Third Party Advisory~~	() https://github.com/topsky979/Security-Collections/tree/main/cve9 - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.272449 - Permissions Required~~	() https://vuldb.com/?ctiid.272449 - Permissions Required
References	~~() https://vuldb.com/?id.272449 - Third Party Advisory~~	() https://vuldb.com/?id.272449 - Third Party Advisory
References	~~() https://vuldb.com/?submit.376890 - Third Party Advisory~~	() https://vuldb.com/?submit.376890 - Third Party Advisory
CVSS	v2 : ~~6.5~~ v3 : ~~8.8~~	v2 : 6.5 v3 : 6.3

08 Aug 2024, 19:02

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mdmafujulhasan:online-payroll-management-system:2023-09-11:::::::*
References	~~() https://github.com/topsky979/Security-Collections/tree/main/cve9 -~~	() https://github.com/topsky979/Security-Collections/tree/main/cve9 - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.272449 -~~	() https://vuldb.com/?ctiid.272449 - Permissions Required
References	~~() https://vuldb.com/?id.272449 -~~	() https://vuldb.com/?id.272449 - Third Party Advisory
References	~~() https://vuldb.com/?submit.376890 -~~	() https://vuldb.com/?submit.376890 - Third Party Advisory
First Time		Mdmafujulhasan online-payroll-management-system Mdmafujulhasan
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : 6.5 v3 : 8.8

26 Jul 2024, 12:38

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad ha sido encontrada en MD-MAFUJUL-HASAN Online-Payroll-Management-System hasta 20230911 y clasificada como crítica. Una función desconocida del archivo /department_viewmore.php es afectada por esta vulnerabilidad. La manipulación del argumento id conduce a la inyección de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. Este producto adopta el enfoque de lanzamientos continuos para proporcionar una entrega continua. Por lo tanto, los detalles de las versiones afectadas y actualizadas no están disponibles. A esta vulnerabilidad se le asignó el identificador VDB-272449. NOTA: Se contactó al proveedor tempranamente sobre esta divulgación, pero no respondió de ninguna manera.

26 Jul 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-26 04:15

Updated : 2024-11-21 09:50

NVD link : CVE-2024-7118

Mitre link : CVE-2024-7118

CVE.ORG link : CVE-2024-7118

JSON object : View

Products Affected

mdmafujulhasan

online-payroll-management-system

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

6.3 /10