Description

A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. This affects an unknown part of the file adminindex.php. The manipulation of the argument username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268461 was assigned to this vulnerability.

Classification

Assigner: [email protected]

CWE: CWE-89

CPEs
  • sourcecodester best_online_news_portal 1.0

CVSS

CVSS version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability score: 2.8

Impact score: 3.4

Can you explain the CVE description?

This CVE description covers the vulnerability identified as CVE-2024-5985 in SourceCodester Best Online News Portal 1.0. The vulnerability is classified as critical and affects an unknown part of the file adminindex.php. It is an SQL injection issue: the argument username can be manipulated, and the attack can be initiated remotely. The exploit has been disclosed publicly, and the identifier VDB-268461 is assigned to the vulnerability. The CVSS score is 6.3, which indicates medium severity, and the associated CWE is CWE-89. The vulnerability was published on June 14, 2024, and is currently in the EARLY_WARNING status. Various URLs are provided for additional information and resources related to this vulnerability. The CVSS vector is AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L, with an exploitability score of 2.8 and an impact score of 3.4. The assigner of this CVE is [email protected].

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree by being used as an entry point for a larger attack on the SourceCodester Best Online News Portal 1.0. An attacker could exploit the SQL injection vulnerability by manipulating the argument username in the adminindex.php file to gain unauthorized access to the system or extract sensitive information from the database. Once the attacker has gained access through the SQL injection vulnerability, they could potentially escalate their privileges, exfiltrate data, modify or delete information, or launch further attacks on the system or its users. This vulnerability could be just the first step in a series of malicious actions that could have serious consequences for the affected system and its users.


Generated on: 2024-07-01