{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-5515","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-05-30T06:13:49.936Z","datePublished":"2024-05-30T13:00:06.055Z","dateUpdated":"2024-08-01T21:18:06.412Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-05-30T13:00:06.055Z"},"title":"SourceCodester Stock Management System createBrand.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"SourceCodester","product":"Stock Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in SourceCodester Stock Management System 1.0. It has been classified as critical. Affected is an unknown function of the file createBrand.php. The manipulation of the argument brandName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266586 is the identifier assigned to this vulnerability."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in SourceCodester Stock Management System 1.0 ausgemacht. Hiervon betroffen ist ein unbekannter Codeblock der Datei createBrand.php. Dank Manipulation des Arguments brandName mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-05-30T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-05-30T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-05-30T08:19:02.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Wang Haojian (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.266586","name":"VDB-266586 | SourceCodester Stock Management System createBrand.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.266586","name":"VDB-266586 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.345714","name":"Submit #345714 | SourceCodester Stock Management System in PHP V1.0 SQL","tags":["third-party-advisory"]},{"url":"https://github.com/HaojianWang/cve/issues/1","tags":["exploit","issue-tracking"]}]},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-5515","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-30T14:13:05.094989Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T18:03:02.204Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:18:06.412Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.266586","name":"VDB-266586 | SourceCodester Stock Management System createBrand.php sql injection","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.266586","name":"VDB-266586 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://vuldb.com/?submit.345714","name":"Submit #345714 | SourceCodester Stock Management System in PHP V1.0 SQL","tags":["third-party-advisory","x_transferred"]},{"url":"https://github.com/HaojianWang/cve/issues/1","tags":["exploit","issue-tracking","x_transferred"]}]}]}}