Search criteria
54 vulnerabilities found for paypal by janobe
FKIE_CVE-2024-33969
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027id\u0027 in \u0027/AttendanceMonitoring/department/index.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s del siguiente \u0027id\u0027 en el par\u00e1metro \u0027/AttendanceMonitoring/department/index.php\u0027."
}
],
"id": "CVE-2024-33969",
"lastModified": "2024-08-08T15:27:09.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:51.100",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33970
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:26
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in '/candidate/controller.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027studid\u0027 in \u0027/candidate/controller.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s del siguiente par\u00e1metro \u0027studid\u0027 en \u0027/candidate/controller.php\u0027."
}
],
"id": "CVE-2024-33970",
"lastModified": "2024-08-08T15:26:48.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:51.330",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33971
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:26
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027username\u0027 in \u0027/login.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s del siguiente \u0027nombre de usuario\u0027 en el par\u00e1metro \u0027/login.php\u0027."
}
],
"id": "CVE-2024-33971",
"lastModified": "2024-08-08T15:26:31.097",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:51.550",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33973
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:24
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/report/attendance_print.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s de los siguientes par\u00e1metros \u0027Asistencia\u0027 y \u0027Nivel de a\u00f1o\u0027 en \u0027/report/attendance_print.php\u0027."
}
],
"id": "CVE-2024-33973",
"lastModified": "2024-08-08T15:24:35.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:51.993",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-33972
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:25
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'events' in '/report/event_print.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027events\u0027 in \u0027/report/event_print.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s de los siguientes \u0027eventos\u0027 en el par\u00e1metro \u0027/report/event_print.php\u0027."
}
],
"id": "CVE-2024-33972",
"lastModified": "2024-08-08T15:25:18.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:51.773",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33965
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in '/tubigangarden/admin/mod_accomodation/index.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027view\u0027 in \u0027/tubigangarden/admin/mod_accomodation/index.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s de la siguiente \u0027vista\u0027 en el par\u00e1metro \u0027/tubigangarden/admin/mod_accomodation/index.php\u0027."
}
],
"id": "CVE-2024-33965",
"lastModified": "2024-08-08T15:28:25.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:50.223",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33964
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:29
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027id\u0027 in \u0027/admin/mod_users/index.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s del siguiente \u0027id\u0027 en el par\u00e1metro \u0027/admin/mod_users/index.php\u0027."
}
],
"id": "CVE-2024-33964",
"lastModified": "2024-08-08T15:29:15.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:50.000",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33966
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027xtsearch\u0027 in \u0027/admin/mod_reports/index.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s del siguiente par\u00e1metro \u0027xtsearch\u0027 en \u0027/admin/mod_reports/index.php\u0027."
}
],
"id": "CVE-2024-33966",
"lastModified": "2024-08-08T15:28:08.357",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:50.440",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33967
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/attendance_print.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027view\u0027 in \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/AttendanceMonitoring/report/attendance_print.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s de la siguiente \u0027vista\u0027 en \u0027Asistencia\u0027 y \u0027Nivel de a\u00f1o\u0027 en el par\u00e1metro \u0027/AttendanceMonitoring/report/attendance_print.php\u0027."
}
],
"id": "CVE-2024-33967",
"lastModified": "2024-08-08T15:27:50.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:50.667",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33968
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/AttendanceMonitoring/report/index.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s de los siguientes par\u00e1metros \u0027Asistencia\u0027 y \u0027Nivel de a\u00f1o\u0027 en \u0027/AttendanceMonitoring/report/index.php\u0027."
}
],
"id": "CVE-2024-33968",
"lastModified": "2024-08-08T15:27:34.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:50.887",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33960
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-15 14:08
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in '/admin/mod_reports/printreport.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following\u00a0\u0027end\u0027 in \u0027/admin/mod_reports/printreport.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s del siguiente par\u00e1metro \u0027end\u0027 en \u0027/admin/mod_reports/printreport.php\u0027."
}
],
"id": "CVE-2024-33960",
"lastModified": "2024-08-15T14:08:32.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:49.130",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-33962
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:29
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/index.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following\u00a0\u0027code\u0027 in \u0027/admin/mod_reservation/index.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s del siguiente \u0027c\u00f3digo\u0027 en el par\u00e1metro \u0027/admin/mod_reservation/index.php\u0027."
}
],
"id": "CVE-2024-33962",
"lastModified": "2024-08-08T15:29:37.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:49.570",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33963
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:29
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_room/index.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027id\u0027 in \u0027/admin/mod_room/index.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s del siguiente \u0027id\u0027 en el par\u00e1metro \u0027/admin/mod_room/index.php\u0027."
}
],
"id": "CVE-2024-33963",
"lastModified": "2024-08-08T15:29:09.743",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:49.790",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33961
Vulnerability from fkie_nvd - Published: 2024-08-06 12:15 - Updated: 2024-08-08 15:28
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/controller.php' parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| janobe | credit_card | 1.0 | |
| janobe | debit_card_payment | 1.0 | |
| janobe | paypal | 1.0 | |
| janobe | school_attendence_monitoring_system | 1.0 | |
| janobe | school_event_management_system | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:janobe:credit_card:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10CC4BF0-06E7-433F-9902-A807B816240D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:debit_card_payment:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEEFF8B-8B26-4A87-8337-845D03FBEBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:paypal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF7E11E-26AF-4E84-AD88-110350D9D25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following\u00a0\u0027code\u0027 in \u0027/admin/mod_reservation/controller.php\u0027 parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PayPal, Credit Card and Debit Card Payment que afecta a la versi\u00f3n 1.0. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una consulta especialmente manipulada al servidor y recuperando toda la informaci\u00f3n almacenada en \u00e9l a trav\u00e9s del siguiente \u0027c\u00f3digo\u0027 en el par\u00e1metro \u0027/admin/mod_reservation/controller.php\u0027."
}
],
"id": "CVE-2024-33961",
"lastModified": "2024-08-08T15:28:36.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-06T12:15:49.360",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
}
]
}
CVE-2024-33973 (GCVE-0-2024-33973)
Vulnerability from cvelistv5 – Published: 2024-08-06 11:56 – Updated: 2024-08-06 18:41
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_event_management_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T18:40:16.692380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T18:41:22.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/report/attendance_print.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/report/attendance_print.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:56:55.835Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33973",
"datePublished": "2024-08-06T11:56:55.835Z",
"dateReserved": "2024-04-29T12:38:37.774Z",
"dateUpdated": "2024-08-06T18:41:22.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33972 (GCVE-0-2024-33972)
Vulnerability from cvelistv5 – Published: 2024-08-06 11:56 – Updated: 2024-08-06 13:39
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'events' in '/report/event_print.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "school_event_management_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:23:06.858838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T13:39:34.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027events\u0027 in \u0027/report/event_print.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027events\u0027 in \u0027/report/event_print.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:56:27.429Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33972",
"datePublished": "2024-08-06T11:56:27.429Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-06T13:39:34.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33971 (GCVE-0-2024-33971)
Vulnerability from cvelistv5 – Published: 2024-08-06 11:55 – Updated: 2024-08-07 18:06
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:06:16.103135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:55.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027username\u0027 in \u0027/login.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027username\u0027 in \u0027/login.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:55:59.506Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33971",
"datePublished": "2024-08-06T11:55:59.506Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-07T18:06:55.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33970 (GCVE-0-2024-33970)
Vulnerability from cvelistv5 – Published: 2024-08-06 11:55 – Updated: 2024-08-08 15:53
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in '/candidate/controller.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_event_management_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:52:42.161702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:53:35.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027studid\u0027 in \u0027/candidate/controller.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027studid\u0027 in \u0027/candidate/controller.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:55:29.937Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33970",
"datePublished": "2024-08-06T11:55:29.937Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-08T15:53:35.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33969 (GCVE-0-2024-33969)
Vulnerability from cvelistv5 – Published: 2024-08-06 11:55 – Updated: 2024-08-06 14:25
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_event_management_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:22:41.325152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:33.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027id\u0027 in \u0027/AttendanceMonitoring/department/index.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027id\u0027 in \u0027/AttendanceMonitoring/department/index.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:55:02.847Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33969",
"datePublished": "2024-08-06T11:55:02.847Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-06T14:25:33.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33968 (GCVE-0-2024-33968)
Vulnerability from cvelistv5 – Published: 2024-08-06 11:54 – Updated: 2024-08-06 13:41
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "school_event_management_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:40:29.932054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T13:41:18.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/AttendanceMonitoring/report/index.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/AttendanceMonitoring/report/index.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:54:22.043Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33968",
"datePublished": "2024-08-06T11:54:22.043Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-06T13:41:18.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33967 (GCVE-0-2024-33967)
Vulnerability from cvelistv5 – Published: 2024-08-06 11:53 – Updated: 2024-08-07 18:40
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/attendance_print.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:38:46.143729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T18:40:09.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027view\u0027 in \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/AttendanceMonitoring/report/attendance_print.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027view\u0027 in \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/AttendanceMonitoring/report/attendance_print.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:53:34.083Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33967",
"datePublished": "2024-08-06T11:53:34.083Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-07T18:40:09.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33966 (GCVE-0-2024-33966)
Vulnerability from cvelistv5 – Published: 2024-08-06 11:21 – Updated: 2024-08-08 15:49
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Janobe | Janobe PayPal |
Affected:
1.0
|
||||||||||||
|
||||||||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:janobe_paypal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "janobe_paypal",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:janobe_credit_card:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "janobe_credit_card",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:janobe_debit_card_payment:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "janobe_debit_card_payment",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:47:31.984928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:49:30.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Janobe PayPal",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Janobe Credit Card",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Janobe Debit Card Payment",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027xtsearch\u0027 in \u0027/admin/mod_reports/index.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027xtsearch\u0027 in \u0027/admin/mod_reports/index.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:39:14.815Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33966",
"datePublished": "2024-08-06T11:21:21.534Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-08T15:49:30.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33973 (GCVE-0-2024-33973)
Vulnerability from nvd – Published: 2024-08-06 11:56 – Updated: 2024-08-06 18:41
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_event_management_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T18:40:16.692380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T18:41:22.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/report/attendance_print.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/report/attendance_print.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:56:55.835Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33973",
"datePublished": "2024-08-06T11:56:55.835Z",
"dateReserved": "2024-04-29T12:38:37.774Z",
"dateUpdated": "2024-08-06T18:41:22.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33972 (GCVE-0-2024-33972)
Vulnerability from nvd – Published: 2024-08-06 11:56 – Updated: 2024-08-06 13:39
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'events' in '/report/event_print.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "school_event_management_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:23:06.858838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T13:39:34.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027events\u0027 in \u0027/report/event_print.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027events\u0027 in \u0027/report/event_print.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:56:27.429Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33972",
"datePublished": "2024-08-06T11:56:27.429Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-06T13:39:34.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33971 (GCVE-0-2024-33971)
Vulnerability from nvd – Published: 2024-08-06 11:55 – Updated: 2024-08-07 18:06
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:06:16.103135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:55.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027username\u0027 in \u0027/login.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027username\u0027 in \u0027/login.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:55:59.506Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33971",
"datePublished": "2024-08-06T11:55:59.506Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-07T18:06:55.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33970 (GCVE-0-2024-33970)
Vulnerability from nvd – Published: 2024-08-06 11:55 – Updated: 2024-08-08 15:53
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in '/candidate/controller.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_event_management_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:52:42.161702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:53:35.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027studid\u0027 in \u0027/candidate/controller.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027studid\u0027 in \u0027/candidate/controller.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:55:29.937Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33970",
"datePublished": "2024-08-06T11:55:29.937Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-08T15:53:35.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33969 (GCVE-0-2024-33969)
Vulnerability from nvd – Published: 2024-08-06 11:55 – Updated: 2024-08-06 14:25
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_event_management_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:22:41.325152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:33.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027id\u0027 in \u0027/AttendanceMonitoring/department/index.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027id\u0027 in \u0027/AttendanceMonitoring/department/index.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:55:02.847Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33969",
"datePublished": "2024-08-06T11:55:02.847Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-06T14:25:33.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33968 (GCVE-0-2024-33968)
Vulnerability from nvd – Published: 2024-08-06 11:54 – Updated: 2024-08-06 13:41
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "school_event_management_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:40:29.932054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T13:41:18.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/AttendanceMonitoring/report/index.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/AttendanceMonitoring/report/index.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:54:22.043Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33968",
"datePublished": "2024-08-06T11:54:22.043Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-06T13:41:18.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33967 (GCVE-0-2024-33967)
Vulnerability from nvd – Published: 2024-08-06 11:53 – Updated: 2024-08-07 18:40
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/attendance_print.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Janobe | School Attendance Monitoring System |
Affected:
1.0
|
|||||||
|
|||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:school_attendance_monitoring_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_attendance_monitoring_system",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:38:46.143729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T18:40:09.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Attendance Monitoring System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "chool Event Management System",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027view\u0027 in \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/AttendanceMonitoring/report/attendance_print.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027view\u0027 in \u0027Attendance\u0027 and \u0027YearLevel\u0027 in \u0027/AttendanceMonitoring/report/attendance_print.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:53:34.083Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33967",
"datePublished": "2024-08-06T11:53:34.083Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-07T18:40:09.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33966 (GCVE-0-2024-33966)
Vulnerability from nvd – Published: 2024-08-06 11:21 – Updated: 2024-08-08 15:49
VLAI?
Title
SQL injection in Janobe products
Summary
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Janobe | Janobe PayPal |
Affected:
1.0
|
||||||||||||
|
||||||||||||||
Credits
Rafael Pedrero
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:janobe:janobe_paypal:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "janobe_paypal",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:janobe_credit_card:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "janobe_credit_card",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:janobe:janobe_debit_card_payment:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "janobe_debit_card_payment",
"vendor": "janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:47:31.984928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:49:30.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Janobe PayPal",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Janobe Credit Card",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Janobe Debit Card Payment",
"vendor": "Janobe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafael Pedrero"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027xtsearch\u0027 in \u0027/admin/mod_reports/index.php\u0027 parameter."
}
],
"value": "SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following \u0027xtsearch\u0027 in \u0027/admin/mod_reports/index.php\u0027 parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T11:39:14.815Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no reported solution at this time."
}
],
"value": "There is no reported solution at this time."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection in Janobe products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2024-33966",
"datePublished": "2024-08-06T11:21:21.534Z",
"dateReserved": "2024-04-29T12:38:37.773Z",
"dateUpdated": "2024-08-08T15:49:30.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}