NuytsTech Security

CVE-2024-0273

by ·

A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwaste_entry.php. The manipulation of the argument item_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249828.

More information : https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%203.pdf

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : NONE
Base score : 6.5
Base severity : MEDIUM
Exploitability score : 2.8
Impact score : 3.6

Tags: