{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-2927","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-03-26T15:35:05.027Z","datePublished":"2024-03-26T23:00:08.667Z","dateUpdated":"2024-08-08T20:32:08.189Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-03-26T23:00:08.667Z"},"title":"code-projects Mobile Shop Login Page Details.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"code-projects","product":"Mobile Shop","versions":[{"version":"1.0","status":"affected"}],"modules":["Login Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258000."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in code-projects Mobile Shop 1.0 ausgemacht. Es betrifft eine unbekannte Funktion der Datei Details.php der Komponente Login Page. Mittels Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-03-26T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-03-26T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-03-26T16:40:34.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"hazim.arbas (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.258000","name":"VDB-258000 | code-projects Mobile Shop Login Page Details.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.258000","name":"VDB-258000 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.304053","name":"Submit #304053 | code-projects PHP 1.0 SQL Injection","tags":["third-party-advisory"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T19:32:41.797Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.258000","name":"VDB-258000 | code-projects Mobile Shop Login Page Details.php sql injection","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.258000","name":"VDB-258000 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://vuldb.com/?submit.304053","name":"Submit #304053 | code-projects PHP 1.0 SQL Injection","tags":["third-party-advisory","x_transferred"]}]},{"affected":[{"vendor":"code-projects","product":"mobile_shop","cpes":["cpe:2.3:a:code-projects:mobile_shop:1.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-08T20:28:46.922079Z","id":"CVE-2024-2927","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-08T20:32:08.189Z"}}]}}