In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between May 26-27, 2024.
During this period, the National Vulnerability Database published 46 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 0
High: 3
Medium: 25
Low: 14
Severity Not Assigned: 4
Identifying and understanding these vulnerabilities is a pivotal step towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-5357
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266269 was assigned to this vulnerability.
References: https://vuldb.com/?ctiid.266269
https://vuldb.com/?id.266269
https://vuldb.com/?submit.343372
https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wzxsew2dfb84l3lo
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-5362
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266274 is the identifier assigned to this vulnerability.
References: https://github.com/CveSecLook/cve/issues/41
https://vuldb.com/?ctiid.266274
https://vuldb.com/?id.266274
https://vuldb.com/?submit.343373
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-5377
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability was found in SourceCodester Vehicle Management System 1.0. It has been classified as critical. This affects an unknown part of the file /newvehicle.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266289 was assigned to this vulnerability.
References: https://github.com/yuyuliq/cve/issues/1
https://vuldb.com/?ctiid.266289
https://vuldb.com/?id.266289
https://vuldb.com/?submit.343809
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found