CVE-2024-37858 — SQL Injection in Lost AND Found Information System

CWE-89 — SQL Injection CWE-269 — Improper Privilege Management3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 35.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oretnom23 Lost AND Found Information System

Timeline

PublishedJul 29

Description

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDoretnom23/lost_and_found_information_system1.0

🔴Vulnerability Details

GHSA

GHSA-9hvr-9q8w-mmmp: SQL Injection vulnerability in Lost and Found Information System 1↗2024-07-29

▶

CVEList

CVE-2024-37858: SQL Injection vulnerability in Lost and Found Information System 1↗2024-07-29

▶