SQL Injection Vulnerability in Simple Admin Panel by Code-Projects
CVE-2024-12931

5.3 MEDIUM

Key Information:

Vendor
CVE Published: 26 December 2024

Summary

A vulnerability has been identified in Simple Admin Panel 1.0, in an undisclosed function within the file /addCatController.php. User input is handled improperly, so manipulating the 'size' argument leads to SQL injection. The attack can be launched remotely and may compromise the integrity of the database and expose sensitive information. Because the exploit has been publicly disclosed, organizations using this product should take immediate steps to mitigate the risk. Regular updates and security best practices are recommended to defend against such attacks.

Affected Version(s)

Simple Admin Panel 1.0

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Havook (VulDB User)