cvelist/2024/7xxx/CVE-2024-7934.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-7934",
        "ASSIGNER": "cna@vuldb.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file execute.php. The manipulation of the argument code leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
                "lang": "deu",
                "value": "In itsourcecode Project Expense Monitoring System 1.0 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei execute.php. Durch das Beeinflussen des Arguments code mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-89 SQL Injection",
                        "cweId": "CWE-89"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "itsourcecode",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Project Expense Monitoring System",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "1.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://vuldb.com/?id.275119",
                "refsource": "MISC",
                "name": "https://vuldb.com/?id.275119"
            },
            {
                "url": "https://vuldb.com/?ctiid.275119",
                "refsource": "MISC",
                "name": "https://vuldb.com/?ctiid.275119"
            },
            {
                "url": "https://vuldb.com/?submit.392946",
                "refsource": "MISC",
                "name": "https://vuldb.com/?submit.392946"
            },
            {
                "url": "https://github.com/DeepMountains/zzz/blob/main/CVE3-2.md",
                "refsource": "MISC",
                "name": "https://github.com/DeepMountains/zzz/blob/main/CVE3-2.md"
            }
        ]
    },
    "credits": [
        {
            "lang": "en",
            "value": "GUOTINGTING (VulDB User)"
        }
    ],
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "baseScore": 6.3,
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "baseSeverity": "MEDIUM"
            },
            {
                "version": "3.0",
                "baseScore": 6.3,
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "baseSeverity": "MEDIUM"
            },
            {
                "version": "2.0",
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
            }
        ]
    }
}