SQL Injection Vulnerability in Code4Berry Decoration Management System
CVE-2024-11487
What is CVE-2024-11487?
A critical security flaw has been identified in the Code4Berry Decoration Management System version 1.0, specifically within the btndates_report.php file in the Between Dates Reports component. This vulnerability allows attackers to manipulate the fromdate and todate parameters, leading to SQL injection attacks. Such attacks could enable unauthorized access to sensitive data and compromise the integrity of the system. The weakness can be exploited remotely, making it a significant risk. Despite early notifications to the vendor regarding this issue, a response has yet to be received. Immediate attention and patching are recommended to mitigate potential exploits.
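A sketch of how a between-dates report can handle fromdate and todate safely, by strict date validation followed by a parameterized query. This is an added example, not the vendor's code, which this page does not show; the bookings table, its columns, the function names and the use of PDO with an in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical schema and names, not code from the affected product.

/** Accept only a real calendar date in strict YYYY-MM-DD form; return null otherwise. */
function parseReportDate(mixed $raw): ?string
{
    // is_string() also rejects array input such as fromdate[]=...
    if (!is_string($raw) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round-trip comparison rejects overflow dates such as 2024-02-31.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

/** Run the report with bound parameters only; user input never reaches the SQL text. */
function betweenDatesReport(PDO $db, mixed $fromRaw, mixed $toRaw): array
{
    $from = parseReportDate($fromRaw);
    $to   = parseReportDate($toRaw);
    // ISO dates compare correctly as strings, so $from > $to detects a reversed range.
    if ($from === null || $to === null || $from > $to) {
        throw new InvalidArgumentException('fromdate/todate must be valid YYYY-MM-DD dates in order');
    }
    $stmt = $db->prepare(
        'SELECT id, customer, booking_date FROM bookings
         WHERE booking_date BETWEEN :fromdate AND :todate ORDER BY booking_date'
    );
    $stmt->execute([':fromdate' => $from, ':todate' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bookings (id INTEGER PRIMARY KEY, customer TEXT, booking_date TEXT)');
$db->exec("INSERT INTO bookings (customer, booking_date) VALUES
    ('Alice', '2024-10-05'), ('Bob', '2024-11-12'), ('Carol', '2024-12-01')");

print_r(betweenDatesReport($db, '2024-11-01', '2024-11-30')); // valid range

// Constructed malformed input (stray quote): rejected before any SQL runs.
try {
    betweenDatesReport($db, "2024-11-01'", '2024-11-30');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The bound parameters are what close the injection path; the date validation is a second layer that also gives the report well-defined input and makes rejected requests easy to log.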

Affected Version(s)
Decoration Management System 1.0
