CVE-2024-12484

HIGH

Codezips Technical Discussion Forum 1.0 - SQL Injection via Username Parameter in signuppost.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-12484. PoCs published by LiChaser.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2024-12484, a SQL injection vulnerability in the 'Technical Forum Using PHP Source Code' project. It includes root cause analysis, payload examples, and mitigation strategies, but lacks functional exploit code.

Description

A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Exploits (1)

nomisec WRITEUP 2 stars

by LiChaser · poc

https://github.com/LiChaser/CVE-2024-12484

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2024-12484, a SQL injection vulnerability in the 'Technical Forum Using PHP Source Code' project. It includes root cause analysis, payload examples, and mitigation strategies, but lacks functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Technical Forum Using PHP Source Code

No auth needed

Prerequisites: Access to the vulnerable endpoint /signuppost.php

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.287866

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.287866

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.459076

Exploit, Third Party Advisory exploit

https://github.com/LiChaser/CVE/

Scores

CVSS v3 7.3

EPSS 0.0093

EPSS Percentile 56.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (1)

codezips/technical_discussion_forum 1.0

Published Dec 12, 2024

Tracked Since Feb 18, 2026