CVE-2024-12938
MEDIUMCode-projects Simple Admin Panel - Injection
Title source: ruleDescription
A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Scores
CVSS v3
6.3
EPSS
0.0006
EPSS Percentile
17.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Classification
CWE
CWE-74
CWE-89
Status
published
Affected Products (1)
code-projects/simple_admin_panel
Timeline
Published
Dec 26, 2024
Tracked Since
Feb 18, 2026