ГлавнаяУязвимости → CVE-2024-40486
9.8критическая

CVE-2024-40486

Описание

A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters.

Затрагиваемое ПО
Lopalopa Live membership system
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Live%20Membership%20System%20v1.0/SQL%20Injection.pdfhttps://www.kashipara.com/project/php/12997/live-membership-system-in-php-php-project-source-code