{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-3015","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-03-27T14:24:29.756Z","datePublished":"2024-03-28T01:31:03.792Z","dateUpdated":"2024-08-01T19:32:42.558Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-03-28T01:31:03.792Z"},"title":"SourceCodester Simple Subscription Website manage_plan.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"SourceCodester","product":"Simple Subscription Website","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in SourceCodester Simple Subscription Website 1.0. Affected by this vulnerability is an unknown functionality of the file manage_plan.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258301 was assigned to this vulnerability."},{"lang":"de","value":"In SourceCodester Simple Subscription Website 1.0 wurde eine kritische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalität der Datei manage_plan.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-03-27T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-03-27T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-03-27T15:29:38.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"H.Shanley (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.258301","name":"VDB-258301 | SourceCodester Simple Subscription Website manage_plan.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.258301","name":"VDB-258301 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.305649","name":"Submit #305649 | Simple Subscription Website with Admin System Simple Subscription Website with Admin System 1.0 Sqlinjection","tags":["third-party-advisory"]},{"url":"https://github.com/Viciglu/cvehub/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20manage_plan.php%20has%20Sqlinjection.pdf","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-3015","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-03-28T18:41:13.560804Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-05T17:21:20.496Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T19:32:42.558Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.258301","name":"VDB-258301 | SourceCodester Simple Subscription Website manage_plan.php sql injection","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.258301","name":"VDB-258301 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://vuldb.com/?submit.305649","name":"Submit #305649 | Simple Subscription Website with Admin System Simple Subscription Website with Admin System 1.0 Sqlinjection","tags":["third-party-advisory","x_transferred"]},{"url":"https://github.com/Viciglu/cvehub/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20manage_plan.php%20has%20Sqlinjection.pdf","tags":["exploit","x_transferred"]}]}]}}