关键信息 1. 漏洞名称: - Code-Projects Vehicle Management 1.0 /EDIT1.PHP SNO SQL INJECTION 2. 漏洞编号: - VDB-278265 - CVE-2024-9087 3. CVSS Meta Temp Score: - 6.9 4. 当前漏洞价格: - $0-$5k 5. CTI Interest Score: - 2.86 6. 漏洞描述: - A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown functionality of the file /edit1.php. The manipulation of the argument sno with an unknown input leads to a sql injection vulnerability. 7. 影响: - This is going to have an impact on confidentiality, integrity, and availability. 8. CVE描述: - A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /edit1.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 9. 漏洞公开时间: - The exploit has been disclosed to the public and may be used. 10. 漏洞公开平台: - github.com 11. 漏洞唯一标识符: - CVE-2024-9087 12. 漏洞利用难度: - The exploitability is told to be easy. 13. 远程攻击可能性: - It is possible to initiate the attack remotely. 14. 无需认证: - No form of authentication is needed for exploitation. 15. 技术细节和公共利用: - Technical details and a public exploit are known. 16. MITRE ATT&CK项目: - MITRE ATT&CK project uses the attack technique T1505 for this issue. 17. 利用下载: - The exploit is shared for download at github.com. 18. 漏洞类型: - SQL Injection 19. 可能的缓解措施: - It may be suggested to replace the affected object with an alternative product. 20. 相似漏洞: - Similar entry is available at VDB-239896.