{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-7118","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-07-25T18:37:04.167Z","datePublished":"2024-07-26T04:00:05.572Z","dateUpdated":"2024-08-01T21:52:30.581Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-07-26T04:00:05.572Z"},"title":"MD-MAFUJUL-HASAN Online-Payroll-Management-System department_viewmore.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"CWE-89 SQL Injection"}]}],"affected":[{"vendor":"MD-MAFUJUL-HASAN","product":"Online-Payroll-Management-System","versions":[{"version":"20230911","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this vulnerability is an unknown functionality of the file /department_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier VDB-272449 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In MD-MAFUJUL-HASAN Online-Payroll-Management-System bis 20230911 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /department_viewmore.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-07-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-07-25T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-07-25T20:42:17.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.272449","name":"VDB-272449 | MD-MAFUJUL-HASAN Online-Payroll-Management-System department_viewmore.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.272449","name":"VDB-272449 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.376890","name":"Submit #376890 | MD-MAFUJUL-HASAN Online-Payroll-Management-System 09/2023 SQL Injection","tags":["third-party-advisory"]},{"url":"https://github.com/topsky979/Security-Collections/tree/main/cve9","tags":["exploit"]}]},"adp":[{"affected":[{"vendor":"md-mafujul-hasan","product":"online-payroll-management-system","cpes":["cpe:2.3:a:md-mafujul-hasan:online-payroll-management-system:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"20230911","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-31T13:28:57.330588Z","id":"CVE-2024-7118","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-31T13:36:25.572Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:52:30.581Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.272449","name":"VDB-272449 | MD-MAFUJUL-HASAN Online-Payroll-Management-System department_viewmore.php sql injection","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.272449","name":"VDB-272449 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://vuldb.com/?submit.376890","name":"Submit #376890 | MD-MAFUJUL-HASAN Online-Payroll-Management-System 09/2023 SQL Injection","tags":["third-party-advisory","x_transferred"]},{"url":"https://github.com/topsky979/Security-Collections/tree/main/cve9","tags":["exploit","x_transferred"]}]}]}}