CVE-2024-6967

22 Jul 2024

Título es

CVE-2024-6967

Lun, 22/07/2024 – 03:15

Tipo

CWE-89

Gravedad v2.0

6.50

Gravedad 2.0 Txt

MEDIUM

Título en

CVE-2024-6967

Descripción en

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employee_gatepass/admin/?page=employee/manage_employee. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272121 was assigned to this vulnerability.

22/07/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0

AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 3.1 (CVSS 3.1 Base Score)

6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/rtsjx-cve/cve/blob/main/sql.md

https://vuldb.com/?ctiid_272121=