SQL Injection Vulnerability in Codezips Pet Shop Management System
CVE-2024-10430

9.8CRITICAL

Key Information:

Vendor: Codezips
Status: Pet Shop Management System
Vendor: CVE Published:; 27 October 2024

What is CVE-2024-10430?

A significant SQL injection vulnerability has been discovered in the Codezips Pet Shop Management System version 1.0. This vulnerability is located in the processing of the 'id' parameter within the /animalsupdate.php file. Attackers can exploit this flaw from a remote location, potentially allowing them to execute arbitrary SQL queries. Such exploits could lead to unauthorized access to sensitive data, enabling attackers to manipulate or delete data within the application. Organizations using this product should prioritize applying available patches and implementing security measures to mitigate this risk.

References

https://vuldb.com/?id.281981

https://vuldb.com/?ctiid.281981

https://vuldb.com/?submit.432149

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2024