CVE-2024-4093

EUVD-2024-32655
A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
CISA-ADPADP
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
oretnom23simple_subscription_website
1.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
simple_subscription_website_projectsimple_subscription_website
1.0
ADP
Common Weakness Enumeration
References
https://github.com/4wchen/Cve/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20view_application.php%20has%20Sqlinjection.pdf
https://vuldb.com/?ctiid.261822
https://vuldb.com/?id.261822
https://vuldb.com/?submit.321505
https://github.com/4wchen/Cve/blob/main/Simple%20Subscription%20Website%20with%20Admin%20System%20view_application.php%20has%20Sqlinjection.pdf
https://vuldb.com/?ctiid.261822
https://vuldb.com/?id.261822
https://vuldb.com/?submit.321505