CVE-2024-2769

A vulnerability was detected in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname/email results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
campcodescomplete_online_beauty_parlor_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%205.pdf
https://vuldb.com/?ctiid.257605
https://vuldb.com/?id.257605
https://vuldb.com/?submit.302366
https://vuldb.com/?submit.654386
https://www.campcodes.com/
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%205.pdf
https://vuldb.com/?ctiid.257605
https://vuldb.com/?id.257605