2024-11-28 19:06:18 +00:00
{
"id" : "CVE-2024-11967" ,
"sourceIdentifier" : "cna@vuldb.com" ,
"published" : "2024-11-28T18:15:07.780" ,
2024-12-03 23:03:39 +00:00
"lastModified" : "2024-12-03T20:20:04.177" ,
"vulnStatus" : "Analyzed" ,
2024-11-28 19:06:18 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
2024-12-03 23:03:39 +00:00
} ,
{
"lang" : "es" ,
"value" : "Se ha encontrado una vulnerabilidad en PHPGurukul Complaint Management system 1.0. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /admin/reset-password.php. La manipulaci\u00f3n del argumento email provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
2024-11-28 19:06:18 +00:00
}
] ,
"metrics" : {
"cvssMetricV40" : [
{
"source" : "cna@vuldb.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "4.0" ,
"vectorString" : "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" ,
"baseScore" : 6.9 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"attackRequirements" : "NONE" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"vulnerableSystemConfidentiality" : "LOW" ,
"vulnerableSystemIntegrity" : "LOW" ,
"vulnerableSystemAvailability" : "LOW" ,
"subsequentSystemConfidentiality" : "NONE" ,
"subsequentSystemIntegrity" : "NONE" ,
"subsequentSystemAvailability" : "NONE" ,
"exploitMaturity" : "NOT_DEFINED" ,
"confidentialityRequirements" : "NOT_DEFINED" ,
"integrityRequirements" : "NOT_DEFINED" ,
"availabilityRequirements" : "NOT_DEFINED" ,
"modifiedAttackVector" : "NOT_DEFINED" ,
"modifiedAttackComplexity" : "NOT_DEFINED" ,
"modifiedAttackRequirements" : "NOT_DEFINED" ,
"modifiedPrivilegesRequired" : "NOT_DEFINED" ,
"modifiedUserInteraction" : "NOT_DEFINED" ,
"modifiedVulnerableSystemConfidentiality" : "NOT_DEFINED" ,
"modifiedVulnerableSystemIntegrity" : "NOT_DEFINED" ,
"modifiedVulnerableSystemAvailability" : "NOT_DEFINED" ,
"modifiedSubsequentSystemConfidentiality" : "NOT_DEFINED" ,
"modifiedSubsequentSystemIntegrity" : "NOT_DEFINED" ,
"modifiedSubsequentSystemAvailability" : "NOT_DEFINED" ,
"safety" : "NOT_DEFINED" ,
"automatable" : "NOT_DEFINED" ,
"recovery" : "NOT_DEFINED" ,
"valueDensity" : "NOT_DEFINED" ,
"vulnerabilityResponseEffort" : "NOT_DEFINED" ,
"providerUrgency" : "NOT_DEFINED"
}
}
] ,
"cvssMetricV31" : [
{
"source" : "cna@vuldb.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" ,
"baseScore" : 7.3 ,
"baseSeverity" : "HIGH" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "LOW"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.4
2024-12-03 23:03:39 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.9
2024-11-28 19:06:18 +00:00
}
] ,
"cvssMetricV2" : [
{
"source" : "cna@vuldb.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P" ,
"baseScore" : 7.5 ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
"availabilityImpact" : "PARTIAL"
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 10.0 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "cna@vuldb.com" ,
2024-12-03 23:03:39 +00:00
"type" : "Secondary" ,
2024-11-28 19:06:18 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-74"
} ,
{
"lang" : "en" ,
"value" : "CWE-89"
}
]
2024-12-03 23:03:39 +00:00
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-89"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:phpgurukul:complaint_management_system:1.0:*:*:*:-:*:*:*" ,
"matchCriteriaId" : "CAB40780-3F18-4A8D-9033-32EF5A7327D5"
}
]
}
]
2024-11-28 19:06:18 +00:00
}
] ,
"references" : [
{
"url" : "https://github.com/Aurora0x1/CVE/issues/4" ,
2024-12-03 23:03:39 +00:00
"source" : "cna@vuldb.com" ,
"tags" : [
"Exploit" ,
"Third Party Advisory"
]
2024-11-28 19:06:18 +00:00
} ,
{
"url" : "https://phpgurukul.com/" ,
2024-12-03 23:03:39 +00:00
"source" : "cna@vuldb.com" ,
"tags" : [
"Product"
]
2024-11-28 19:06:18 +00:00
} ,
{
"url" : "https://vuldb.com/?ctiid.286350" ,
2024-12-03 23:03:39 +00:00
"source" : "cna@vuldb.com" ,
"tags" : [
"Permissions Required"
]
2024-11-28 19:06:18 +00:00
} ,
{
"url" : "https://vuldb.com/?id.286350" ,
2024-12-03 23:03:39 +00:00
"source" : "cna@vuldb.com" ,
"tags" : [
"Permissions Required"
]
2024-11-28 19:06:18 +00:00
} ,
{
"url" : "https://vuldb.com/?submit.452477" ,
2024-12-03 23:03:39 +00:00
"source" : "cna@vuldb.com" ,
"tags" : [
"Third Party Advisory"
]
2024-11-28 19:06:18 +00:00
}
]
}
