SQL Injection Vulnerability in Simple Admin Panel by Code-Projects
CVE-2024-12934

5.3 MEDIUM

Key Information:

Vendor: Code-projects
Product: Simple Admin Panel
CVE Published: 26 December 2024

Summary

Version 1.0 of Simple Admin Panel, developed by Code-Projects, contains a SQL injection vulnerability. The issue resides in how updateItemController.php handles its input arguments, specifically the 'p_desk' parameter. By manipulating this parameter, an attacker can inject SQL and manipulate the database without authorization. The flaw can be triggered remotely. Because the exploit details have been publicly disclosed, users of the affected product should apply the necessary security measures to mitigate the risk.

Affected Version(s)

Simple Admin Panel 1.0

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Havook (VulDB User)