CVE-2024-25351

CWE-89 — SQL Injection3 documents3 sources

Severity

3.8LOW

EPSS

0.1%

top 75.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul ZOO Management System

Timeline

PublishedFeb 28

Latest updateFeb 29

Description

SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages1 packages

▶NVDphpgurukul/zoo_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-6hvh-59wp-qgpm: SQL Injection vulnerability in /zms/admin/changeimage↗2024-02-29

▶

CVEList

CVE-2024-25351: SQL Injection vulnerability in /zms/admin/changeimage↗2024-02-28

▶