CVE-2024-9812: code-projects Crud Operation System delete.php sql injection
First published: Thu Oct 10 2024(Updated: )
A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| code-projects Crud Operation System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-9812?
CVE-2024-9812 is classified as a critical vulnerability.
How does CVE-2024-9812 exploit SQL injection?
CVE-2024-9812 exploits SQL injection through manipulation of the 'sid' argument in the delete.php file.
What are the impacts of CVE-2024-9812?
The impact of CVE-2024-9812 includes unauthorized access to the database and potential data manipulation.
Is CVE-2024-9812 remotely exploitable?
Yes, CVE-2024-9812 can be exploited remotely by an attacker.
How can I fix CVE-2024-9812?
To fix CVE-2024-9812, validate and sanitize all user inputs, especially for the 'sid' parameter in delete.php.
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/trending
- agent/tags
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- vendor/code-projects
- canonical/code-projects crud operation system
- version/code-projects crud operation system/1.0