Overview
- Description
- A vulnerability was found in Codezips ISP Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file pay.php. The manipulation of the argument customer leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Social media
- Hype score
- Not currently trending
CVE-2024-10751 Critical SQL Injection Vulnerability in Codezips ISP Management System A critical vulnerability was identified in Codezips ISP Management System 1.0. This affects part of the pay.php file. The cust... https://t.co/W1iKQxNRqe
@VulmonFeeds
4 Nov 2024
🚨 CVE-2024-10751: Critical SQL injection in Codezips ISP Management System 1.0's pay.php. Exploit available. Urgently patch affected systems & review logs for signs of compromise. Prioritize strong input validation. #WebAppSec #SQLi
@oktsec
3 Nov 2024
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:codezips:isp_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FF6890C-7A61-46EA-AF5D-FAB569F6DAD2" } ], "operator": "OR" } ] } ]