CVE-2024-3252 - OpenCVE

A vulnerability classified as critical has been found in SourceCodester Internship Portal Management System 1.0. This affects an unknown part of the file admin/check_admin.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259101 was assigned to this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://github.com/thisissuperann/Vul/blob/main/Internship-Portal-Management-System-01
https://vuldb.com/?ctiid.259101
https://vuldb.com/?id.259101
https://vuldb.com/?submit.309212

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2024-04-03T10:00:07.120Z

Updated: 2024-04-03T10:00:07.120Z

Reserved: 2024-04-03T05:16:59.156Z

Link: CVE-2024-3252

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-04-03T10:15:09.687

Modified: 2024-05-17T02:39:48.477

Link: CVE-2024-3252

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-3252", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-04-03T05:16:59.156Z", "datePublished": "2024-04-03T10:00:07.120Z", "dateUpdated": "2024-04-03T10:00:07.120Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-04-03T10:00:07.120Z"}, "title": "SourceCodester Internship Portal Management System check_admin.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 SQL Injection"}]}], "affected": [{"vendor": "SourceCodester", "product": "Internship Portal Management System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in SourceCodester Internship Portal Management System 1.0. This affects an unknown part of the file admin/check_admin.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259101 was assigned to this vulnerability."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in SourceCodester Internship Portal Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei admin/check_admin.php. Durch das Manipulieren des Arguments username/password mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-04-03T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-04-03T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-04-03T07:22:43.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "liuann (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.259101", "name": "VDB-259101 | SourceCodester Internship Portal Management System check_admin.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.259101", "name": "VDB-259101 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.309212", "name": "Submit #309212 | https://www.sourcecodester.com/ Internship Portal Management System 1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/thisissuperann/Vul/blob/main/Internship-Portal-Management-System-01", "tags": ["exploit"]}]}}}

{"descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in SourceCodester Internship Portal Management System 1.0. This affects an unknown part of the file admin/check_admin.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259101 was assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en SourceCodester Internship Portal Management System 1.0 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo admin/check_admin.php. La manipulaci\u00f3n del argumento nombre de usuario/contrase\u00f1a conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-259101."}], "id": "CVE-2024-3252", "lastModified": "2024-05-17T02:39:48.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-04-03T10:15:09.687", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/thisissuperann/Vul/blob/main/Internship-Portal-Management-System-01"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.259101"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.259101"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.309212"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}