PT-2024-37640 · Unknown · Itsourcecode Farm Management System

Kkff33

Published

2024-07-02

Updated

2024-08-21

CVE-2024-6453

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions itsourcecode Farm Management System version 1.0

Description A critical issue has been found in the itsourcecode Farm Management System, affecting an unknown functionality of the file /quarantine.php?id=3. The manipulation of the pigno, breed, and reason arguments leads to SQL injection. This issue can be exploited remotely. The exploit has been disclosed to the public and may be used.

Recommendations For itsourcecode Farm Management System version 1.0, consider disabling the /quarantine.php file or restricting access to it until a patch is available. Additionally, avoid using the pigno, breed, and reason parameters in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-6453

Affected Products

Itsourcecode Farm Management System

PT-2024-37640 · Unknown · Itsourcecode Farm Management System

CVE-2024-6453

Weakness Enumeration

Related Identifiers

Affected Products

References · 7