{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-2480","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-03-15T00:13:52.889Z","datePublished":"2024-03-15T06:00:05.377Z","dateUpdated":"2024-08-02T18:07:10.355Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-03-16T21:18:56.607Z"},"title":"MHA Sistemas arMHAzena Executa Page sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"MHA Sistemas","product":"arMHAzena","versions":[{"version":"9.6.0.0","status":"affected"}],"modules":["Executa Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In MHA Sistemas arMHAzena 9.6.0.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Komponente Executa Page. Mittels dem Manipulieren des Arguments Companhia/Planta/Agente de/Agente até mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-03-15T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-03-15T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-03-16T22:19:07.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"João Silveira","type":"finder"},{"lang":"en","value":"Leonardo Teodoro","type":"finder"},{"lang":"en","value":"Johnermac (VulDB User)","type":"reporter"},{"lang":"en","value":"Johnermac (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.256888","name":"VDB-256888 | MHA Sistemas arMHAzena Executa Page sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.256888","name":"VDB-256888 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://johnermac.github.io/cve/sqli/","tags":["exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T19:11:53.506Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.256888","name":"VDB-256888 | MHA Sistemas arMHAzena Executa Page sql injection","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.256888","name":"VDB-256888 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://johnermac.github.io/cve/sqli/","tags":["exploit","x_transferred"]}]},{"affected":[{"vendor":"mha_sistemas","product":"armhazena","cpes":["cpe:2.3:a:mha_sistemas:armhazena:9.6.0.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"9.6.0.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-03-15T15:52:20.292718Z","id":"CVE-2024-2480","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-02T18:07:10.355Z"}}]}}