CVE-2024-2927

HIGH

code-projects Mobile Shop 1.0 - SQL Injection

Title source: llm
STIX 2.1

Description

A vulnerability was found in code-projects Mobile Shop 1.0. It has been classified as critical. Affected is an unknown function of the file Details.php of the component Login Page. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258000.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.258000
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.258000
Exploit, Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.304053

Scores

CVSS v3 7.3
EPSS 0.0078
EPSS Percentile 51.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
anisha/mobile_shop 1.0
Published Mar 26, 2024
Tracked Since Feb 18, 2026