A vulnerability, which was classified as critical, was found in SourceCodester Online Graduate Tracer System up to 1.0. Affected is an unknown function of the file /tracking/admin/fetch_genderit.php. The manipulation of the argument request leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/Pingxy/cve/blob/main/sql4.md | Exploit |
https://vuldb.com/?ctiid.275142 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.275142 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.394046 | Issue Tracking Third Party Advisory VDB Entry |
https://www.sourcecodester.com/ |
Configurations
History
21 Aug 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Aug 2024, 13:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
CPE | cpe:2.3:a:tamparongj_03:online_graduate_tracer_system:1.0:*:*:*:*:*:*:* | |
First Time |
Tamparongj 03
Tamparongj 03 online Graduate Tracer System |
|
References | () https://github.com/Pingxy/cve/blob/main/sql4.md - Exploit | |
References | () https://vuldb.com/?ctiid.275142 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?id.275142 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.394046 - Issue Tracking, Third Party Advisory, VDB Entry |
20 Aug 2024, 15:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
20 Aug 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-20 02:15
Updated : 2024-08-21 19:15
NVD link : CVE-2024-7949
Mitre link : CVE-2024-7949
CVE.ORG link : CVE-2024-7949
JSON object : View
Products Affected
tamparongj_03
- online_graduate_tracer_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')