SQL Injection Vulnerability in Codezips Pet Shop Management System
CVE-2024-10431

9.8CRITICAL

Key Information:

Vendor: Codezips
Status: Pet Shop Management System
Vendor: CVE Published:; 27 October 2024

What is CVE-2024-10431?

The Codezips Pet Shop Management System version 1.0 contains a significant SQL injection vulnerability within the deletebird.php file. This security flaw is due to improper handling of user input in the function that processes deletion requests. An attacker can manipulate the 't1' argument to execute arbitrary SQL commands, potentially allowing them to retrieve, modify, or delete sensitive data from the database. This vulnerability can be exploited remotely, posing a serious risk to the confidentiality, integrity, and availability of the system's data. Organizations using this product should prioritize applying available patches or implementing security measures to mitigate potential attacks.

References

https://vuldb.com/?id.281982

https://vuldb.com/?ctiid.281982

https://vuldb.com/?submit.432150

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2024