Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-10758 — SQL Injection in Content Management System

CWE-89 — SQL Injection CWE-416 — Use After Free5 documents5 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 67.31%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Anirbandutta9 Content Management System Anirbandutta9 News-buzz Code-projects Content Management System +1 more

Timeline

PublishedNov 4

Latest updateApr 11

Description

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages6 packages

▶CVEListV5code-projects/content_management_system1.0

▶NVDcode-projects/content_management_system1.0

▶CVEListV5code-projects/news-buzz1.0

▶CVEListV5anirbandutta9/content_management_system1.0

▶CVEListV5anirbandutta9/news-buzz1.0

🔴Vulnerability Details

CVEList

code-projects/anirbandutta9 Content Management System/News-Buzz index.php sql injection↗2024-11-04

▶

GHSA

GHSA-74pw-6jvg-9rqc: A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1↗2024-11-04

▶

💥Exploits & PoCs

Exploit-DB

NEWS-BUZZ News Management System 1.0 - SQL Injection↗2025-04-11

▶