{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6112","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-06-18T05:52:49.515Z","datePublished":"2024-06-18T12:31:06.073Z","dateUpdated":"2024-08-01T21:33:04.295Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-06-18T12:31:06.073Z"},"title":"itsourcecode Pool of Bethesda Online Reservation System index.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"itsourcecode","product":"Pool of Bethesda Online Reservation System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument log_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-268858 is the identifier assigned to this vulnerability."},{"lang":"de","value":"In itsourcecode Pool of Bethesda Online Reservation System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei index.php. Durch das Manipulieren des Arguments log_email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-06-18T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-06-18T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-06-18T11:19:08.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"wangyuan-ui (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.268858","name":"VDB-268858 | itsourcecode Pool of Bethesda Online Reservation System index.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.268858","name":"VDB-268858 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.358990","name":"Submit #358990 | itsourcecode Pool of Bethesda Online Reservation System Using PHP V1.0 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/wangyuan-ui/CVE/issues/2","tags":["exploit","issue-tracking"]}]},"adp":[{"affected":[{"vendor":"itsourcecode","product":"pool_of_bethesda_online_reservation_system","cpes":["cpe:2.3:a:itsourcecode:pool_of_bethesda_online_reservation_system:1.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-18T14:15:58.818871Z","id":"CVE-2024-6112","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-18T14:16:23.858Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:33:04.295Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.268858","name":"VDB-268858 | itsourcecode Pool of Bethesda Online Reservation System index.php sql injection","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.268858","name":"VDB-268858 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://vuldb.com/?submit.358990","name":"Submit #358990 | itsourcecode Pool of Bethesda Online Reservation System Using PHP V1.0 SQL Injection","tags":["third-party-advisory","x_transferred"]},{"url":"https://github.com/wangyuan-ui/CVE/issues/2","tags":["exploit","issue-tracking","x_transferred"]}]}]}}