CVE-2024-40402

{"id": "CVE-2024-40402", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2024-07-17T20:15:06.507", "references": [{"url": "https://github.com/CveSecLook/cve/issues/49", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/CveSecLook/cve/issues/49", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en 'ajax.php' de Sourcecodester Simple Library Management System 1.0. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada del usuario del par\u00e1metro 'nombre de usuario', lo que permite a los atacantes inyectar consultas SQL maliciosas."}], "lastModified": "2025-04-23T14:19:18.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nikhil-bhalerao:simple_library_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1997736F-BF88-4D73-8E3E-D94407702B2D"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}