SQL Injection Vulnerability in code-projects Farmacia Product
CVE-2024-12007
Key Information:
- Vendor
- Code-projects
- Status
- Vendor
- CVE Published:
- 1 December 2024
Badges
Summary
CVE-2024-12007 is a critical SQL injection vulnerability identified in the code-projects Farmacia version 1.0, specifically within the /visualizar-produto.php file. This vulnerability arises due to improper handling of user-supplied input in the 'id' argument, allowing an attacker to craft a malicious request that could manipulate the underlying SQL queries. This attack can be executed remotely, jeopardizing the security of the application and potentially compromising sensitive data. The exploit has been publicly disclosed, making immediate remediation essential for affected users.
Affected Version(s)
Farmacia 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published