CVE-2024-12007: code-projects Farmacia visualizar-produto.php sql injection
First published: Sun Dec 01 2024(Updated: )
A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| code-projects Farmacia | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-12007?
CVE-2024-12007 is classified as a critical severity vulnerability.
How does CVE-2024-12007 allow an attacker to exploit the system?
CVE-2024-12007 allows an attacker to perform SQL injection by manipulating the 'id' argument in the /visualizar-produto.php file.
Which software versions are affected by CVE-2024-12007?
CVE-2024-12007 affects version 1.0 of code-projects Farmacia.
How can I mitigate the risk associated with CVE-2024-12007?
To mitigate the risk of CVE-2024-12007, you should sanitize and validate all user inputs to prevent SQL injection vulnerabilities.
Can CVE-2024-12007 be exploited remotely?
Yes, CVE-2024-12007 can be exploited remotely.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/code-projects
- canonical/code-projects farmacia
- version/code-projects farmacia/1.0