{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-0498","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-01-12T12:41:59.649Z","datePublished":"2024-01-13T18:00:05.507Z","dateUpdated":"2025-06-17T21:09:21.801Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-02-09T19:10:59.759Z"},"title":"Project Worlds Lawyer Management System searchLawyer.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"Project Worlds","product":"Lawyer Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250603."},{"lang":"de","value":"In Project Worlds Lawyer Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei searchLawyer.php. Dank Manipulation des Arguments experience mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-01-12T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-01-12T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2024-01-12T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-02-02T15:04:45.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"heishou (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.250603","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.250603","tags":["signature","permissions-required"]},{"url":"https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc","tags":["broken-link","exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:04:49.783Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.250603","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.250603","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc","tags":["broken-link","exploit","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-0498","role":"CISA Coordinator","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-01-16T16:10:36.737691Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-17T21:09:21.801Z"}}]}}