cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8564,https://securityvulnerability.io/vulnerability/CVE-2024-8564,SQL Injection Vulnerability in SourceCodester PHP CRUD Application,"A severe SQL injection vulnerability has been identified in the SourceCodester PHP CRUD version 1.0, specifically affecting the file located at /endpoint/update.php. This vulnerability arises from improper handling of input parameters such as tbl_person_id, first_name, middle_name, and last_name, which allows an attacker to execute arbitrary SQL queries on the database. Importantly, this can be exploited remotely without authentication, posing a significant risk to data integrity and the confidentiality of sensitive information. As this vulnerability has been made public, immediate action is recommended to mitigate potential exploitation and secure affected systems.",Sourcecodester,PHP Crud,8.8,HIGH,0.0014100000262260437,false,,false,false,false,,,false,false,,2024-09-07T20:31:03.916Z,0
CVE-2024-8563,https://securityvulnerability.io/vulnerability/CVE-2024-8563,Cross Site Scripting Vulnerability in PHP CRUD 1.0 Could Lead to Remote Exploitation,"A vulnerability exists in the SourceCodester PHP CRUD version 1.0, specifically in the /endpoint/update.php file. An attacker can exploit this issue by manipulating the parameters first_name, middle_name, or last_name, resulting in cross-site scripting (XSS). This flaw permits the remote execution of malicious scripts in the context of a user’s session, potentially compromising sensitive information and web application integrity. The details of this exploit have been disclosed publicly, increasing the risk of an attack in the wild.",Sourcecodester,PHP Crud,6.1,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-09-07T20:00:04.571Z,0
CVE-2024-8562,https://securityvulnerability.io/vulnerability/CVE-2024-8562,CRUD Creator Vulnerability Exposes Sensitive Data to Cross-Site Scripting,"A vulnerability has been identified in SourceCodester PHP CRUD 1.0, specifically in the functionality of the file /endpoint/Add.php. The manipulation of the user input parameters first_name, middle_name, and last_name can lead to cross site scripting (XSS). This issue allows attackers to execute malicious scripts in the context of the user's browser, potentially compromising sensitive information and session identifiers. The publicly disclosed details highlight the necessity for immediate action to safeguard against possible exploitation.",Sourcecodester,PHP Crud,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-09-07T19:00:05.069Z,0
CVE-2024-8561,https://securityvulnerability.io/vulnerability/CVE-2024-8561,SQL Injection Vulnerability in SourceCodester PHP CRUD Application,"A severe vulnerability has been identified in the SourceCodester PHP CRUD 1.0 application, specifically within the Delete Person functionality located in the file /endpoint/delete.php. This vulnerability permits attackers to manipulate the 'person' argument, leading to SQL injection attacks. Such an attack can be executed remotely, potentially compromising database integrity and exposing sensitive information. It is crucial for users of SourceCodester PHP CRUD to patch this vulnerability promptly to mitigate the associated risks.",Sourcecodester,PHP Crud,9.8,CRITICAL,0.0024999999441206455,false,,false,false,false,,,false,false,,2024-09-07T18:31:03.892Z,0