SQL Injection Vulnerability in itsourcecode Farm Management System
CVE-2024-6453

8.8HIGH

Key Information:

Vendor: Itsourcecode
Status: Farm Management System
Vendor: CVE Published:; 2 July 2024

🔔 Create Itsourcecode Vulnerability Alert

What is CVE-2024-6453?

A critical SQL injection vulnerability exists in the itsourcecode Farm Management System 1.0, specifically targeting the file /quarantine.php with an id parameter set to 3. This vulnerability arises due to improper handling of multiple parameters, including 'pigno', 'breed', and 'reason', which allows remote attackers to execute arbitrary SQL queries. Exploitable remotely, this vulnerability could lead to unauthorized data manipulation and potentially severe impacts on the application's security integrity. The issue has been publicly disclosed, heightening the urgency for affected users to apply security measures promptly.

References

https://vuldb.com/?id.270241

https://vuldb.com/?ctiid.270241

https://vuldb.com/?submit.367626

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2024