CVE-2024-8868

HIGH

Code-projects Crud Operation System - SQL Injection

Title source: rule

Description

A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec 1 stars

by M0onc · poc

https://github.com/M0onc/CVE-2024-8868

View on nomisec

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.277505

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.277505

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.408322

[Exploit, Third Party Advisory] https://github.com/ppp-src/a/issues/7

[Product] https://code-projects.org/

Scores

CVSS v3 7.3

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

code-projects/crud_operation_system 1.0

Published Sep 15, 2024

Tracked Since Feb 18, 2026