nvd-json-data-feeds/CVE-2020/CVE-2020-241xx/CVE-2020-24193.json

{
  "id": "CVE-2020-24193",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-09-03T18:15:14.163",
  "lastModified": "2024-11-21T05:14:28.523",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en el inicio de sesi\u00f3n en Sourcecodetester Daily Tracker System versi\u00f3n 1.0, permite al usuario no autenticado ejecutar una omisi\u00f3n de autenticaci\u00f3n con inyecci\u00f3n SQL por medio del par\u00e1metro email"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "baseScore": 7.5,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:daily_tracker_system_project:daily_tracker_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DBBDC8-0B36-46A0-A125-4A384112CC17"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://sourcecodetester.com",
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ]
    },
    {
      "url": "https://www.exploit-db.com/exploits/48787",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://sourcecodetester.com",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ]
    },
    {
      "url": "https://www.exploit-db.com/exploits/48787",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}