Code-Projects Pharmacy Management System 1.0 SQL Injection Vulnerability (CVE-2024-10139)

Key Information 1. Vulnerability ID: - VDB-280927 - CVE-2024-10139 2. Vulnerability Name: - Code-Projects Pharmacy Management System 1.0 /ADD_NEW_SUPPLIER.PHP NAME SQL INJECTION 3. CVSS Meta Temp Score: - 6.0 4. Current Vulnerability Price: - $0-$5k 5. CTI Interest Score: - 1.53 6. Affected File: - /add_new_supplier.php 7. Vulnerability Description: - The vulnerability exists in an unknown part of Code-Projects Pharmacy Management System 1.0. Manipulation of the parameter via unknown input leads to an SQL injection vulnerability. Classified as CWE-89. The product uses external, untrusted input to construct or partially construct SQL commands, without properly neutralizing or escaping special elements, which may result in SQL commands sent downstream being modified. 8. Impact: - Affects confidentiality, integrity, and availability. 9. CVE Description: - The vulnerability exists in an unknown functionality section of Code-Projects Pharmacy Management System 1.0. SQL injection is triggered via manipulation of the parameter. The attack can be initiated remotely. The vulnerability has been publicly disclosed and may be exploited. 10. Exploit Details: - The vulnerability advisory can be read on gist.github.com. - Known as CVE-2024-10139. - Exploitation appears to be easy. - Attack can be launched remotely. - Technical details and public exploits are known. - Exploitation technique is T1505, according to MITRE ATT&CK. 11. Exploit Download: - Exploit available for download on gist.github.com. - Declared as proof-of-concept. - Vulnerable targets can be found via search: . 12. Possible Mitigations: - No known mitigations. - Recommendation: Replace the affected component. 13. Related Vulnerabilities: - VDB-278612, VDB-279237, VDB-279888, VDB-279958 Summary This vulnerability exists in the file of Code-Projects Pharmacy Management System 1.0, leading to SQL injection. The CVSS score is 6.0, with a current price range of $0-$5k and a CTI interest score of 1.53. Exploitation is straightforward and can be performed remotely. It is recommended to replace the affected component to mitigate this vulnerability.

Goal Reached Thanks to every supporter — we hit 100%!

Code-Projects Pharmacy Management System 1.0 SQL Injection Vulnerability (CVE-2024-10139)