Vulnerabilites related to SourceCodester - Online Courseware
CVE-2024-3423 (GCVE-0-2024-3423)
Vulnerability from cvelistv5
Published
2024-04-07 14:31
Modified
2024-08-01 20:12
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259595 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259595 | signature, permissions-required | |
| https://vuldb.com/?submit.311601 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-08.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:online_courseware_project:online_courseware:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_courseware",
"vendor": "online_courseware_project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3423",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T17:55:15.881323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T16:46:42.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:06.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259595 | SourceCodester Online Courseware activateteach.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259595"
},
{
"name": "VDB-259595 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259595"
},
{
"name": "Submit #311601 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311601"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-08.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Online Courseware 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/activateteach.php. The manipulation of the argument selector leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259595."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in SourceCodester Online Courseware 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei admin/activateteach.php. Mittels Manipulieren des Arguments selector mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T14:31:04.089Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259595 | SourceCodester Online Courseware activateteach.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259595"
},
{
"name": "VDB-259595 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259595"
},
{
"name": "Submit #311601 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311601"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-08.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware activateteach.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3423",
"datePublished": "2024-04-07T14:31:04.089Z",
"dateReserved": "2024-04-06T11:02:05.999Z",
"dateUpdated": "2024-08-01T20:12:06.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3420 (GCVE-0-2024-3420)
Vulnerability from cvelistv5
Published
2024-04-07 11:00
Modified
2024-08-01 20:12
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259592 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259592 | signature, permissions-required | |
| https://vuldb.com/?submit.311598 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-05.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3420",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T15:51:28.575931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T15:51:49.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259592 | SourceCodester Online Courseware saveedit.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259592"
},
{
"name": "VDB-259592 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259592"
},
{
"name": "Submit #311598 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311598"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-05.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/saveedit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259592."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in SourceCodester Online Courseware 1.0 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei admin/saveedit.php. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T11:00:04.955Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259592 | SourceCodester Online Courseware saveedit.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259592"
},
{
"name": "VDB-259592 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259592"
},
{
"name": "Submit #311598 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311598"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-05.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware saveedit.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3420",
"datePublished": "2024-04-07T11:00:04.955Z",
"dateReserved": "2024-04-06T11:01:57.739Z",
"dateUpdated": "2024-08-01T20:12:07.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3418 (GCVE-0-2024-3418)
Vulnerability from cvelistv5
Published
2024-04-07 09:31
Modified
2025-02-26 18:53
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259590 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259590 | signature, permissions-required | |
| https://vuldb.com/?submit.311596 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-03.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:online_courseware:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_courseware",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3418",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T18:53:21.848100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T18:53:36.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:06.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259590 | SourceCodester Online Courseware deactivateteach.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259590"
},
{
"name": "VDB-259590 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259590"
},
{
"name": "Submit #311596 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311596"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-03.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/deactivateteach.php. The manipulation of the argument selector leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259590 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Online Courseware 1.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei admin/deactivateteach.php. Dank Manipulation des Arguments selector mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T09:31:04.081Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259590 | SourceCodester Online Courseware deactivateteach.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259590"
},
{
"name": "VDB-259590 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259590"
},
{
"name": "Submit #311596 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311596"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-03.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware deactivateteach.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3418",
"datePublished": "2024-04-07T09:31:04.081Z",
"dateReserved": "2024-04-06T11:01:52.193Z",
"dateUpdated": "2025-02-26T18:53:36.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3425 (GCVE-0-2024-3425)
Vulnerability from cvelistv5
Published
2024-04-07 16:00
Modified
2024-08-01 20:12
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259597 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259597 | signature, permissions-required | |
| https://vuldb.com/?submit.311604 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-10.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:online_courseware:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_courseware",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3425",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T13:27:29.418516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T15:44:39.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:06.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259597 | SourceCodester Online Courseware activateall.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259597"
},
{
"name": "VDB-259597 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259597"
},
{
"name": "Submit #311604 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311604"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-10.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "In SourceCodester Online Courseware 1.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei admin/activateall.php. Durch Manipulieren des Arguments selector mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T16:00:05.876Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259597 | SourceCodester Online Courseware activateall.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259597"
},
{
"name": "VDB-259597 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259597"
},
{
"name": "Submit #311604 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311604"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-10.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware activateall.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3425",
"datePublished": "2024-04-07T16:00:05.876Z",
"dateReserved": "2024-04-06T11:02:11.236Z",
"dateUpdated": "2024-08-01T20:12:06.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3421 (GCVE-0-2024-3421)
Vulnerability from cvelistv5
Published
2024-04-07 12:31
Modified
2024-08-01 20:12
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259593 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259593 | signature, permissions-required | |
| https://vuldb.com/?submit.311599 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-06.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:online_courseware_project:online_courseware:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_courseware",
"vendor": "online_courseware_project",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3421",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T18:42:07.052210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T19:40:35.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:06.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259593 | SourceCodester Online Courseware deactivatestud.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259593"
},
{
"name": "VDB-259593 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259593"
},
{
"name": "Submit #311599 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311599"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-06.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Online Courseware 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei admin/deactivatestud.php. Durch Manipulation des Arguments selector mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T12:31:04.503Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259593 | SourceCodester Online Courseware deactivatestud.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259593"
},
{
"name": "VDB-259593 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259593"
},
{
"name": "Submit #311599 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311599"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-06.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware deactivatestud.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3421",
"datePublished": "2024-04-07T12:31:04.503Z",
"dateReserved": "2024-04-06T11:02:00.525Z",
"dateUpdated": "2024-08-01T20:12:06.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3427 (GCVE-0-2024-3427)
Vulnerability from cvelistv5
Published
2024-04-07 17:00
Modified
2024-08-01 20:12
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross Site Scripting
Summary
A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259599.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259599 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259599 | signature, permissions-required | |
| https://vuldb.com/?submit.311606 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-12.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:online_courseware:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_courseware",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3427",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T16:11:32.899947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T21:05:34.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259599 | SourceCodester Online Courseware addq.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259599"
},
{
"name": "VDB-259599 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259599"
},
{
"name": "Submit #311606 | https://www.sourcecodester.com Online Courseware 1.0 reflected XSS",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311606"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-12.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259599."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in SourceCodester Online Courseware 1.0 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei addq.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T17:00:06.179Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259599 | SourceCodester Online Courseware addq.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259599"
},
{
"name": "VDB-259599 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259599"
},
{
"name": "Submit #311606 | https://www.sourcecodester.com Online Courseware 1.0 reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311606"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-12.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware addq.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3427",
"datePublished": "2024-04-07T17:00:06.179Z",
"dateReserved": "2024-04-06T11:02:17.158Z",
"dateUpdated": "2024-08-01T20:12:07.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3422 (GCVE-0-2024-3422)
Vulnerability from cvelistv5
Published
2024-04-07 13:31
Modified
2024-08-26 14:39
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259594 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259594 | signature, permissions-required | |
| https://vuldb.com/?submit.311600 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-07.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259594 | SourceCodester Online Courseware activatestud.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259594"
},
{
"name": "VDB-259594 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259594"
},
{
"name": "Submit #311600 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311600"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-07.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:online_courseware:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_courseware",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3422",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T14:38:43.517771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T14:39:17.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Online Courseware 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/activatestud.php. The manipulation of the argument selector leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259594 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In SourceCodester Online Courseware 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei admin/activatestud.php. Mittels dem Manipulieren des Arguments selector mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T13:31:04.886Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259594 | SourceCodester Online Courseware activatestud.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259594"
},
{
"name": "VDB-259594 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259594"
},
{
"name": "Submit #311600 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311600"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-07.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware activatestud.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3422",
"datePublished": "2024-04-07T13:31:04.886Z",
"dateReserved": "2024-04-06T11:02:03.308Z",
"dateUpdated": "2024-08-26T14:39:17.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3426 (GCVE-0-2024-3426)
Vulnerability from cvelistv5
Published
2024-04-07 16:31
Modified
2024-08-01 20:12
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross Site Scripting
Summary
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259598 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259598 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259598 | signature, permissions-required | |
| https://vuldb.com/?submit.311605 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-11.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T15:46:43.176460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:32.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259598 | SourceCodester Online Courseware editt.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259598"
},
{
"name": "VDB-259598 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259598"
},
{
"name": "Submit #311605 | https://www.sourcecodester.com Online Courseware 1.0 reflected XSS",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311605"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-11.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259598 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in SourceCodester Online Courseware 1.0 entdeckt. Betroffen davon ist ein unbekannter Prozess der Datei editt.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T16:31:04.799Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259598 | SourceCodester Online Courseware editt.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259598"
},
{
"name": "VDB-259598 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259598"
},
{
"name": "Submit #311605 | https://www.sourcecodester.com Online Courseware 1.0 reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311605"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-11.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware editt.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3426",
"datePublished": "2024-04-07T16:31:04.799Z",
"dateReserved": "2024-04-06T11:02:14.132Z",
"dateUpdated": "2024-08-01T20:12:07.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3428 (GCVE-0-2024-3428)
Vulnerability from cvelistv5
Published
2024-04-07 17:31
Modified
2024-08-01 20:12
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross Site Scripting
Summary
A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259600 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259600 | signature, permissions-required | |
| https://vuldb.com/?submit.311607 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-13.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3428",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:30:53.463333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:32:11.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259600 | SourceCodester Online Courseware edit.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259600"
},
{
"name": "VDB-259600 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259600"
},
{
"name": "Submit #311607 | https://www.sourcecodester.com Online Courseware 1.0 reflected XSS",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311607"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-13.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600."
},
{
"lang": "de",
"value": "In SourceCodester Online Courseware 1.0 wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei edit.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T17:31:04.727Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259600 | SourceCodester Online Courseware edit.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259600"
},
{
"name": "VDB-259600 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259600"
},
{
"name": "Submit #311607 | https://www.sourcecodester.com Online Courseware 1.0 reflected XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311607"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-13.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T22:28:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware edit.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3428",
"datePublished": "2024-04-07T17:31:04.727Z",
"dateReserved": "2024-04-06T11:02:20.099Z",
"dateUpdated": "2024-08-01T20:12:07.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3419 (GCVE-0-2024-3419)
Vulnerability from cvelistv5
Published
2024-04-07 10:00
Modified
2024-08-01 20:12
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259591.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259591 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259591 | signature, permissions-required | |
| https://vuldb.com/?submit.311597 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-04.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T16:09:21.706445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:31.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259591 | SourceCodester Online Courseware edit.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259591"
},
{
"name": "VDB-259591 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259591"
},
{
"name": "Submit #311597 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311597"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-04.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259591."
},
{
"lang": "de",
"value": "In SourceCodester Online Courseware 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei admin/edit.php. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T10:00:05.235Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259591 | SourceCodester Online Courseware edit.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259591"
},
{
"name": "VDB-259591 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259591"
},
{
"name": "Submit #311597 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311597"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-04.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware edit.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3419",
"datePublished": "2024-04-07T10:00:05.235Z",
"dateReserved": "2024-04-06T11:01:55.124Z",
"dateUpdated": "2024-08-01T20:12:07.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0800 (GCVE-0-2025-0800)
Vulnerability from cvelistv5
Published
2025-01-29 01:31
Modified
2025-02-12 19:51
Severity ?
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.4 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.4 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.293922 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.293922 | signature, permissions-required | |
| https://vuldb.com/?submit.484935 | third-party-advisory | |
| https://www.sourcecodester.com/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:54:02.540972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:51:15.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Edit Teacher"
],
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ayush8816 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in SourceCodester Online Courseware 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /pcci/admin/saveeditt.php der Komponente Edit Teacher. Mit der Manipulation des Arguments fname mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T01:31:05.836Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-293922 | SourceCodester Online Courseware Edit Teacher saveeditt.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.293922"
},
{
"name": "VDB-293922 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.293922"
},
{
"name": "Submit #484935 | Sourcecodester Online Courseware 1 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.484935"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-28T15:49:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware Edit Teacher saveeditt.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-0800",
"datePublished": "2025-01-29T01:31:05.836Z",
"dateReserved": "2025-01-28T14:44:13.721Z",
"dateUpdated": "2025-02-12T19:51:15.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3417 (GCVE-0-2024-3417)
Vulnerability from cvelistv5
Published
2024-04-07 05:31
Modified
2024-08-01 20:12
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259589 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259589 | signature, permissions-required | |
| https://vuldb.com/?submit.311595 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-02.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:online_courseware:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_courseware",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3417",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T16:54:38.667611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T20:35:24.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259589 | SourceCodester Online Courseware saveeditt.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259589"
},
{
"name": "VDB-259589 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259589"
},
{
"name": "Submit #311595 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311595"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-02.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0. This issue affects some unknown processing of the file admin/saveeditt.php. The manipulation of the argument contact leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259589 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in SourceCodester Online Courseware 1.0 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei admin/saveeditt.php. Dank der Manipulation des Arguments contact mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T05:31:04.707Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259589 | SourceCodester Online Courseware saveeditt.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259589"
},
{
"name": "VDB-259589 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259589"
},
{
"name": "Submit #311595 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311595"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-02.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware saveeditt.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3417",
"datePublished": "2024-04-07T05:31:04.707Z",
"dateReserved": "2024-04-06T11:01:49.330Z",
"dateUpdated": "2024-08-01T20:12:07.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3424 (GCVE-0-2024-3424)
Vulnerability from cvelistv5
Published
2024-04-07 15:31
Modified
2024-08-21 21:20
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259596 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259596 | signature, permissions-required | |
| https://vuldb.com/?submit.311602 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-09.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259596 | SourceCodester Online Courseware listscore.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259596"
},
{
"name": "VDB-259596 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259596"
},
{
"name": "Submit #311602 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311602"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-09.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:online_courseware:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_courseware",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3424",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T19:20:05.650020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T21:20:13.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Online Courseware 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei admin/listscore.php. Durch das Manipulieren des Arguments title mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T15:31:04.644Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259596 | SourceCodester Online Courseware listscore.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259596"
},
{
"name": "VDB-259596 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259596"
},
{
"name": "Submit #311602 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311602"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-09.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware listscore.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3424",
"datePublished": "2024-04-07T15:31:04.644Z",
"dateReserved": "2024-04-06T11:02:08.571Z",
"dateUpdated": "2024-08-21T21:20:13.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3416 (GCVE-0-2024-3416)
Vulnerability from cvelistv5
Published
2024-04-07 03:31
Modified
2024-08-21 22:31
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.259588 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.259588 | signature, permissions-required | |
| https://vuldb.com/?submit.311593 | third-party-advisory | |
| https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-01.md | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SourceCodester | Online Courseware |
Version: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-259588 | SourceCodester Online Courseware editt.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.259588"
},
{
"name": "VDB-259588 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.259588"
},
{
"name": "Submit #311593 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.311593"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-01.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:online_courseware:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_courseware",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3416",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T19:17:15.353848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T22:31:19.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Courseware",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liuann (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. This vulnerability affects unknown code of the file admin/editt.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259588."
},
{
"lang": "de",
"value": "In SourceCodester Online Courseware 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei admin/editt.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T03:31:05.025Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-259588 | SourceCodester Online Courseware editt.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.259588"
},
{
"name": "VDB-259588 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.259588"
},
{
"name": "Submit #311593 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.311593"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-01.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-06T13:07:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Online Courseware editt.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3416",
"datePublished": "2024-04-07T03:31:05.025Z",
"dateReserved": "2024-04-06T11:01:47.168Z",
"dateUpdated": "2024-08-21T22:31:19.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}