← Zuruck zu CVEs
CVE-2024-36673
CRITICAL9.8
Beschreibung
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht6/7/2024
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
pharmacy\/medical_store_point_of_sale_system_project:pharmacy\/medical_store_point_of_sale_system
Schwachen (CWE)
CWE-89CWE-89
Referenzen
https://github.com/CveSecLook/cve/issues/39(cve@mitre.org)
https://github.com/CveSecLook/cve/issues/39(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.