CVE-2024-13007: Codezips Event Management System contact.php sql injection
First published: Sun Dec 29 2024(Updated: )
A vulnerability, which was classified as critical, was found in Codezips Event Management System 1.0. Affected is an unknown function of the file /contact.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Codezips Event Management System | ||
| Codezips Event Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-13007?
CVE-2024-13007 is classified as a critical vulnerability.
How does the SQL injection in CVE-2024-13007 occur?
The SQL injection in CVE-2024-13007 occurs due to manipulation of the 'title' argument in the /contact.php file.
Can CVE-2024-13007 be exploited remotely?
Yes, CVE-2024-13007 can be exploited remotely.
Which software is affected by CVE-2024-13007?
CVE-2024-13007 affects Codezips Event Management System version 1.0.
How can I mitigate the impact of CVE-2024-13007?
To mitigate the impact of CVE-2024-13007, you should sanitize inputs and implement prepared statements in your queries.
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- vendor/codezips
- canonical/codezips event management system
- version/codezips event management system/1.0