SQL Injection Vulnerability in Codezips Technical Discussion Forum 1.0
CVE-2024-12484

9.8CRITICAL

Key Information:

Vendor: Codezips
Status: Technical Discussion Forum
Vendor: CVE Published:; 12 December 2024

What is CVE-2024-12484?

A vulnerability has been identified in the Codezips Technical Discussion Forum version 1.0, specifically affecting the file /signuppost.php. This vulnerability allows for SQL injection through the manipulation of the 'Username' argument. Attackers can exploit this vulnerability remotely, potentially impacting other parameters within the application. The possibility of external exploitation presents significant security concerns for users running this version of the product.

References

https://github.com/LiChaser/CVE/

https://vuldb.com/?ctiid.287866

https://vuldb.com/?id.287866

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2024