CVE-2024-3000

CWE-89SQL InjectionCWE-79Cross-site Scripting (XSS)CWE-825CWE-476NULL Pointer DereferenceCWE-20Improper Input ValidationCWE-22Path TraversalCWE-250CWE-639Insecure Direct Object ReferenceCWE-284Improper Access ControlCWE-755Improper Exception Handling26 documents9 sources
Severity
9.8CRITICAL
EPSS
0.1%
top 69.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Code-projects Online Book SystemAnisha Online Book System
Timeline
PublishedMar 27
Latest updateJul 2

Description

A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/login_username/login_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258202 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

6
GHSA
Gogs XSS allowed by stored call in PDF renderer2025-06-26
GHSA
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy2024-10-15
GHSA
open-webui Insecure Direct Object Reference (IDOR) vulnerability2024-10-09
GHSA
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed2024-04-19
GHSA
GHSA-2g9w-mw43-7j8w: A vulnerability classified as critical was found in code-projects Online Book System 12024-03-28

💥Exploits & PoCs

1
Exploit-DB
gogs 0.13.0 - Remote Code Execution (RCE)2025-07-02

📋Vendor Advisories

16
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-19232025-03-18
Chrome
Stable Channel Update for Desktop: CVE-2025-04342025-01-14
Red Hat
kernel: ext4: update orig_path in ext4_find_extent()2024-10-21
Red Hat
kernel: ext4: aovid use-after-free in ext4_ext_insert_extent()2024-10-21
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-79742024-09-09
CVE-2024-3000 (CRITICAL CVSS 9.8) | A vulnerability classified as criti | cvebase.io