2024-11-23
A critical SQL injection vulnerability (CVE-2024-11487) has been discovered in Code4Berry Decoration Management System 1.0. This vulnerability affects the Between Dates Reports component and allows remote attackers to manipulate the “fromdate” and “todate” arguments in the `/decoration/admin/btndates_report.php` file to inject malicious SQL code. The exploit has been publicly disclosed and the vendor has not responded.
Vulnerability Details:
Platform: Code4Berry Decoration Management System
Version: 1.0
Vulnerability: SQL Injection (CVE-2024-11487)
Severity: Critical
Date: November 20, 2024
What Undercode Says:
This is a critical vulnerability that can be exploited remotely.
Immediate patching is recommended to mitigate the risk of attack.
Users should be cautious when running untrusted code or data through the application.
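Because the vendor has not responded, operators may need to harden the report handler themselves. The sketch below shows one way to treat the `fromdate` and `todate` arguments: strict date validation followed by a parameterized query. It is an added example, not Code4Berry's code; the `bookings` table, its columns, the function names and the in-memory SQLite sample data are assumptions made for illustration (PHP 8 with PDO SQLite).

```php
<?php
declare(strict_types=1);

// Accept only a real calendar date in YYYY-MM-DD form; anything else is null.
function parse_report_date(mixed $raw): ?string
{
    if (!is_string($raw) || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip check rejects rolled-over dates such as 2024-02-31.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

// Hypothetical report query: table and column names are assumptions.
function bookings_between(PDO $db, mixed $from, mixed $to): array
{
    $from = parse_report_date($from);
    $to   = parse_report_date($to);
    if ($from === null || $to === null || $from > $to) {
        throw new InvalidArgumentException('fromdate/todate must be valid YYYY-MM-DD dates');
    }
    // Placeholders keep the request values out of the SQL text entirely.
    $sql  = 'SELECT id, booked_on FROM bookings WHERE booked_on BETWEEN :from AND :to';
    $stmt = $db->prepare($sql);
    $stmt->execute([':from' => $from, ':to' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE bookings (id INTEGER PRIMARY KEY, booked_on TEXT)');
$db->exec("INSERT INTO bookings (booked_on) VALUES ('2024-11-01'), ('2024-11-15'), ('2024-12-02')");

// Constructed request inputs: a valid range, a stray quote, an impossible date.
$requests = [
    ['fromdate' => '2024-11-01', 'todate' => '2024-11-30'],
    ['fromdate' => "2024-11-01'", 'todate' => '2024-11-30'],
    ['fromdate' => '2024-02-31', 'todate' => '2024-11-30'],
];
foreach ($requests as $req) {
    try {
        $rows = bookings_between($db, $req['fromdate'], $req['todate']);
        echo count($rows), " row(s) returned\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Validation and binding are complementary here: the format check rejects malformed input early, while the bound parameters ensure that even an accepted value is never interpreted as SQL.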
Additional Notes:
The National Vulnerability Database (NVD) assigns a CVSS score of 5.3 (MEDIUM) to this vulnerability.
Disclaimer: This analysis is for informational purposes only and should not be considered a substitute for professional security advice.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com