{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-3425","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-04-06T11:02:11.236Z","datePublished":"2024-04-07T16:00:05.876Z","dateUpdated":"2024-08-01T20:12:06.911Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-04-07T16:00:05.876Z"},"title":"SourceCodester Online Courseware activateall.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"SourceCodester","product":"Online Courseware","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Affected by this vulnerability is an unknown functionality of the file admin/activateall.php. The manipulation of the argument selector leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259597 was assigned to this vulnerability."},{"lang":"de","value":"In SourceCodester Online Courseware 1.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei admin/activateall.php. Durch Manipulieren des Arguments selector mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-04-06T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-04-06T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-04-06T13:07:41.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"liuann (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.259597","name":"VDB-259597 | SourceCodester Online Courseware activateall.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.259597","name":"VDB-259597 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.311604","name":"Submit #311604 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-10.md","tags":["exploit"]}]},"adp":[{"affected":[{"vendor":"sourcecodester","product":"online_courseware","cpes":["cpe:2.3:a:sourcecodester:online_courseware:1.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-16T13:27:29.418516Z","id":"CVE-2024-3425","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-16T15:44:39.022Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:12:06.911Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.259597","name":"VDB-259597 | SourceCodester Online Courseware activateall.php sql injection","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.259597","name":"VDB-259597 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://vuldb.com/?submit.311604","name":"Submit #311604 | https://www.sourcecodester.com Online Courseware 1.0 SQL Injection","tags":["third-party-advisory","x_transferred"]},{"url":"https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-10.md","tags":["exploit","x_transferred"]}]}]}}