SQL Injection in Code-Projects CRUD Operation System 1.0 update.php (CVE-2024-9011)

Key Information 1. Vulnerability ID: - VDB-278166 - CVE-2024-9011 2. Vulnerability Name: - Code-Projects CRUD Operation System 1.0 - SID SQL Injection 3. CVSS Meta Temp Score: - 6.0 4. Current Vulnerability Price: - $0-$5k 5. CTI Interest Score: - 2.48 6. Vulnerability Description: - A vulnerability classified as "critical" was discovered in an unknown function within the file. - Manipulating the parameter via unknown input leads to an SQL injection vulnerability. - The product constructs or partially constructs SQL commands using external, untrusted input, without properly neutralizing or failing to neutralize special elements that could alter the intended SQL command. - This impacts confidentiality, integrity, and availability. 7. Vulnerability Impact: - Affects the file in an unknown function. - Can be exploited remotely. - Publicly disclosed and potentially exploitable. 8. Exploit Availability: - Exploit available on GitHub. - Exploit marked as "easy". - Known technical details and public exploit available. - Assigned as T1505 by MITRE ATT&CK. 9. Exploit Download: - Exploit downloadable from GitHub. - Declared as "proof-of-concept". 10. Search Suggestions: - Use to search for potential vulnerable targets. 11. Recommended Actions: - No known remediation available. - Recommend replacing the affected component. 12. Related Vulnerability IDs: - VDB-246098 - VDB-247233 - VDB-247907 - VDB-250693 Summary This vulnerability is an SQL injection flaw affecting the file in Code-Projects CRUD Operation System 1.0. Classified as "critical," it can be exploited remotely. The exploit is publicly available and can be downloaded from GitHub. It is recommended to replace the affected component to prevent exploitation.

Goal Reached Thanks to every supporter — we hit 100%!

SQL Injection in Code-Projects CRUD Operation System 1.0 update.php (CVE-2024-9011)