CVE-2002-0640 n/a n/a
Published : 2002-07-03T04:00:00.000
Modified : 2024-07-01T11:15:02.953
Availability Integrity Confidentiality :
Vendor : n/a
Product : n/a
Version : n/a
Problem : n/a
Description : Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
  http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
  http://marc.info/?l=bugtraq&m=102514371522793&w=2
  http://marc.info/?l=bugtraq&m=102514631524575&w=2
  http://marc.info/?l=bugtraq&m=102521542826833&w=2
  http://marc.info/?l=bugtraq&m=102532054613894&w=2
  http://www.cert.org/advisories/CA-2002-18.html
  http://www.debian.org/security/2002/dsa-134
  http://www.kb.cert.org/vuls/id/369347
  http://www.linuxsecurity.com/advisories/other_advisory-2177.html
  http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040
  http://www.novell.com/linux/security/advisories/2002_024_openssh_txt.html
  http://www.openwall.com/lists/oss-security/2024/07/01/3
  http://www.osvdb.org/839
  http://www.redhat.com/support/errata/RHSA-2002-127.html
  http://www.redhat.com/support/errata/RHSA-2002-131.html
  http://www.securityfocus.com/bid/5093
  http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195

CVE-2003-0693 n/a n/a
Published : 2003-09-22T04:00:00.000
Modified : 2024-07-01T11:15:03.240
Availability Integrity Confidentiality :
Vendor : n/a
Product : n/a
Version : n/a
Problem : n/a
Description : A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html
  http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html
  http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html
  http://marc.info/?l=bugtraq&m=106373247528528&w=2
  http://marc.info/?l=bugtraq&m=106373546332230&w=2
  http://marc.info/?l=bugtraq&m=106374466212309&w=2
  http://marc.info/?l=bugtraq&m=106381396120332&w=2
  http://marc.info/?l=bugtraq&m=106381409220492&w=2
  http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1
  http://www.cert.org/advisories/CA-2003-24.html
  http://www.debian.org/security/2003/dsa-382
  http://www.debian.org/security/2003/dsa-383
  http://www.kb.cert.org/vuls/id/333628
  http://www.mandriva.com/security/advisories?name=MDKSA-2003:090
  http://www.openssh.com/txt/buffer.adv
  http://www.openwall.com/lists/oss-security/2024/07/01/3
  http://www.redhat.com/support/errata/RHSA-2003-280.html
  https://exchange.xforce.ibmcloud.com/vulnerabilities/13191
  https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719
  https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447

CVE-2008-4109 n/a n/a
Published : 2008-09-18T15:04:27.437
Modified : 2024-07-01T11:15:03.910
Availability Integrity Confidentiality :
Vendor : n/a
Product : n/a
Version : n/a
Problem : n/a
Description : A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678
  http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html
  http://secunia.com/advisories/31885
  http://secunia.com/advisories/32080
  http://secunia.com/advisories/32181
  http://www.debian.org/security/2008/dsa-1638
  http://www.openwall.com/lists/oss-security/2024/07/01/3
  http://www.securitytracker.com/id?1020891
  http://www.ubuntu.com/usn/usn-649-1
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45202

CVE-2023-42464 n/a n/a CRITICAL 9.8
Published : 2023-09-20T15:15:11.817
Modified : 2024-07-01T09:15:06.080
Availability Integrity Confidentiality : HIGH HIGH HIGH
Vendor : n/a
Product : n/a
Version : n/a
Problem : n/a
Description : A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.
ExploitabilityScore : 3.9
impactScore : 5.9
attackVector : NETWORK
attackComplexity : LOW
privilegesRequired : NONE
userInteraction : NONE
scope : UNCHANGED
references :
  https://github.com/Netatalk/netatalk/issues/486
  https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html
  https://netatalk.io/security/CVE-2023-42464
  https://netatalk.sourceforge.io/
  https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html
  https://netatalk.sourceforge.io/CVE-2023-42464.php
  https://www.debian.org/security/2023/dsa-5503

CVE-2024-0153 Arm Ltd Valhall GPU Firmware
Published : 2024-07-01T09:15:06.343
Modified : 2024-07-01T09:15:06.343
Availability Integrity Confidentiality :
Vendor : Arm Ltd
Product : Valhall GPU Firmware
Version : r29p0
Problem : CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description : Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

CVE-2024-20076 MediaTek, Inc. MT2731, MT6739, MT6761, MT6762, MT6763, MT6765, MT6767, MT6768, MT6769, MT6771, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788
Published : 2024-07-01T05:15:03.957
Modified : 2024-07-01T05:15:03.957
Availability Integrity Confidentiality :
Vendor : MediaTek, Inc.
Product : MT2731, MT6739, MT6761, MT6762, MT6763, MT6765, MT6767, MT6768, MT6769, MT6771, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788
Version : Modem LR12A
Problem : CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description : In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297806; Issue ID: MSV-1481.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  https://corp.mediatek.com/product-security-bulletin/July-2024

CVE-2024-20077 MediaTek, Inc. MT2731, MT6739, MT6761, MT6762, MT6763, MT6765, MT6767, MT6768, MT6769, MT6771, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788
Published : 2024-07-01T05:15:04.133
Modified : 2024-07-01T05:15:04.133
Availability Integrity Confidentiality :
Vendor : MediaTek, Inc.
Product : MT2731, MT6739, MT6761, MT6762, MT6763, MT6765, MT6767, MT6768, MT6769, MT6771, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788
Version : Modem LR12A
Problem : CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description : In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  https://corp.mediatek.com/product-security-bulletin/July-2024

CVE-2024-20078 MediaTek, Inc. MT6768, MT6779, MT8321, MT8385, MT8755, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8792, MT8795T, MT8796, MT8797, MT8798
Published : 2024-07-01T05:15:04.227
Modified : 2024-07-01T05:15:04.227
Availability Integrity Confidentiality :
Vendor : MediaTek, Inc.
Product : MT6768, MT6779, MT8321, MT8385, MT8755, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8792, MT8795T, MT8796, MT8797, MT8798
Version : Android 12.0, 13.0, 14.0
Problem : CWE-843 Type Confusion
Description : In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  https://corp.mediatek.com/product-security-bulletin/July-2024

CVE-2024-20079 MediaTek, Inc. MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT8666, MT8667, MT8673, MT8676, MT8678
Published : 2024-07-01T05:15:04.333
Modified : 2024-07-01T05:15:04.333
Availability Integrity Confidentiality :
Vendor : MediaTek, Inc.
Product : MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT8666, MT8667, MT8673, MT8676, MT8678
Version : Android 13.0, 14.0
Problem : CWE-787 Out-of-bounds Write
Description : In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  https://corp.mediatek.com/product-security-bulletin/July-2024

CVE-2024-20080 MediaTek, Inc. MT2735, MT2737, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8666, MT8667, MT8673, MT8676, MT8678
Published : 2024-07-01T05:15:04.430
Modified : 2024-07-01T05:15:04.430
Availability Integrity Confidentiality :
Vendor : MediaTek, Inc.
Product : MT2735, MT2737, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8666, MT8667, MT8673, MT8676, MT8678
Version : Android 13.0, 14.0 / Yocto 2.6, 3.3, 4.0 / RDK-B 22Q3
Problem : CWE-295 Improper Certificate Validation
Description : In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  https://corp.mediatek.com/product-security-bulletin/July-2024

CVE-2024-20081 MediaTek, Inc. MT2735, MT2737, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8666, MT8667, MT8673, MT8676, MT8678
Published : 2024-07-01T05:15:04.520
Modified : 2024-07-01T05:15:04.520
Availability Integrity Confidentiality :
Vendor : MediaTek, Inc.
Product : MT2735, MT2737, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8666, MT8667, MT8673, MT8676, MT8678
Version : Android 13.0, 14.0 / openWRT 19.07, 21.02, 23.05 / Yocto 2.6, 3.3, 4.0 / RDK-B 22Q3
Problem : CWE-787 Out-of-bounds Write
Description : In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  https://corp.mediatek.com/product-security-bulletin/July-2024

CVE-2024-3122 CHANGING Mobile One Time Password MEDIUM 4.9
Published : 2024-07-01T05:15:04.693
Modified : 2024-07-01T05:15:04.693
Availability Integrity Confidentiality : NONE NONE HIGH
Vendor : CHANGING
Product : Mobile One Time Password
Version : earlier
Problem : CWE-23: Relative Path Traversal
Description : CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary files on the system.
ExploitabilityScore : 1.2
impactScore : 3.6
attackVector : NETWORK
attackComplexity : LOW
privilegesRequired : HIGH
userInteraction : NONE
scope : UNCHANGED
references :
  https://www.twcert.org.tw/en/cp-139-7912-4c800-2.html
  https://www.twcert.org.tw/tw/cp-132-7911-0962e-1.html

CVE-2024-38480 Kakao piccoma Corp. "Piccoma" App for Android
Published : 2024-07-01T05:15:04.613
Modified : 2024-07-01T05:15:04.613
Availability Integrity Confidentiality :
Vendor : Kakao piccoma Corp.
Product : "Piccoma" App for Android
Version : prior to 6.20.0
Problem : Use of Hard-coded Credentials
Description : "Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983
  https://jvn.jp/en/jp/JVN01073312/
  https://play.google.com/store/apps/details?id=jp.kakao.piccoma

CVE-2024-39427 Unisoc (Shanghai) Technologies Co., Ltd. SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 MEDIUM 5.1
Published : 2024-07-01T09:15:06.493
Modified : 2024-07-01T09:15:06.493
Availability Integrity Confidentiality : LOW LOW NONE
Vendor : Unisoc (Shanghai) Technologies Co., Ltd.
Product : SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
Version : Android12/Android13/Android14
Problem : CWE-787 Out-of-bounds Write
Description : In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
ExploitabilityScore : 2.5
impactScore : 2.5
attackVector : LOCAL
attackComplexity : LOW
privilegesRequired : NONE
userInteraction : NONE
scope : UNCHANGED
references :
  https://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762

CVE-2024-39428 Unisoc (Shanghai) Technologies Co., Ltd. SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 MEDIUM 6.8
Published : 2024-07-01T09:15:06.720
Modified : 2024-07-01T09:15:06.720
Availability Integrity Confidentiality : HIGH LOW NONE
Vendor : Unisoc (Shanghai) Technologies Co., Ltd.
Product : SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
Version : Android12/Android13/Android14
Problem : CWE-787 Out-of-bounds Write
Description : In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
ExploitabilityScore : 2.5
impactScore : 4.2
attackVector : LOCAL
attackComplexity : LOW
privilegesRequired : NONE
userInteraction : NONE
scope : UNCHANGED
references :
  https://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762

CVE-2024-39429 Unisoc (Shanghai) Technologies Co., Ltd. SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618 MEDIUM 5.1
Published : 2024-07-01T09:15:06.893
Modified : 2024-07-01T09:15:06.893
Availability Integrity Confidentiality : LOW LOW NONE
Vendor : Unisoc (Shanghai) Technologies Co., Ltd.
Product : SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618
Version : Android12
Problem : CWE-787 Out-of-bounds Write
Description : In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
ExploitabilityScore : 2.5
impactScore : 2.5
attackVector : LOCAL
attackComplexity : LOW
privilegesRequired : NONE
userInteraction : NONE
scope : UNCHANGED
references :
  https://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762

CVE-2024-39430 Unisoc (Shanghai) Technologies Co., Ltd. SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618 MEDIUM 5.1
Published : 2024-07-01T09:15:07.070
Modified : 2024-07-01T09:15:07.070
Availability Integrity Confidentiality : LOW LOW NONE
Vendor : Unisoc (Shanghai) Technologies Co., Ltd.
Product : SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618
Version : Android12
Problem : CWE-787 Out-of-bounds Write
Description : In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
ExploitabilityScore : 2.5
impactScore : 2.5
attackVector : LOCAL
attackComplexity : LOW
privilegesRequired : NONE
userInteraction : NONE
scope : UNCHANGED
references :
  https://www.unisoc.com/en_us/secy/announcementDetail/1807576926177525762

CVE-2024-4934 Unknown Quiz and Survey Master (QSM)
Published : 2024-07-01T06:15:23.847
Modified : 2024-07-01T06:15:23.847
Availability Integrity Confidentiality :
Vendor : Unknown
Product : Quiz and Survey Master (QSM)
Version : 0
Problem : CWE-79 Cross-Site Scripting (XSS)
Description : The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  https://wpscan.com/vulnerability/a2270ee1-3211-4b16-b3d7-6cdd732f7155/

CVE-2024-5710 berriai berriai/litellm MEDIUM 5.3
Published : 2024-06-27T19:15:15.667
Modified : 2024-07-01T10:15:30.183
Availability Integrity Confidentiality : NONE HIGH NONE
Vendor : berriai
Product : berriai/litellm
Version : unspecified
Problem : CWE-284 Improper Access Control
Description : berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.
ExploitabilityScore : 1.6
impactScore : 3.6
attackVector : NETWORK
attackComplexity : HIGH
privilegesRequired : LOW
userInteraction : NONE
scope : UNCHANGED
references :
  https://huntr.com/bounties/70897f59-a966-4d93-b71e-745e3da91970

CVE-2024-6130 Unknown Form Maker by 10Web
Published : 2024-07-01T06:15:23.957
Modified : 2024-07-01T06:15:23.957
Availability Integrity Confidentiality :
Vendor : Unknown
Product : Form Maker by 10Web
Version : 0
Problem : CWE-79 Cross-Site Scripting (XSS)
Description : The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
ExploitabilityScore :
impactScore :
attackVector :
attackComplexity :
privilegesRequired :
userInteraction :
scope :
references :
  https://wpscan.com/vulnerability/bbed2968-4bd6-49ae-bd61-8a1f751e7041/

CVE-2024-6419 SourceCodester Medicine Tracker System MEDIUM 6.3
Published : 2024-07-01T00:15:01.950
Modified : 2024-07-01T00:15:01.950
Availability Integrity Confidentiality : LOW LOW LOW
Vendor : SourceCodester
Product : Medicine Tracker System
Version : 1.0
Problem : CWE-89 SQL Injection
Description : A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=save_medicine. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270010 is the identifier assigned to this vulnerability.
ExploitabilityScore : 2.8
impactScore : 3.4
attackVector : NETWORK
attackComplexity : LOW
privilegesRequired : LOW
userInteraction : NONE
scope : UNCHANGED
references :
  https://github.com/jadu101/CVE/blob/main/SourceCodester_Medicine_Tracker_System_Master_php_sqli.md
  https://vuldb.com/?ctiid.270010
  https://vuldb.com/?id.270010
  https://vuldb.com/?submit.365247