CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-0487

High Severity
Code-projects
SVRS
67/100
CVSSv3
9.8/10
EPSS
0.00038/1

CVE-2024-0487: A critical SQL injection vulnerability exists in the Fighting Cock Information System 1.0. This flaw impacts the /admin/action/delete-vaccine.php file, allowing remote attackers to manipulate the 'ref' argument and inject malicious SQL code. With a CVSS score of 9.8, the technical risk is considered critical. While the SVRS is 67 (not critical, but still significant), the public availability of an exploit raises the urgency of remediation. Successful exploitation could lead to data breaches, unauthorized access, or complete system compromise. Organizations using the Fighting Cock Information System 1.0 should immediately apply necessary patches or mitigations to prevent potential attacks, despite the SVRS being below the critical threshold of 80. This vulnerability highlights the persistent threat of SQL injection flaws in web applications.

TAGS
No tags available
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-01-13
LAST MODIFIED2024-05-17
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-0487 is a critical vulnerability in code-projects Fighting Cock Information System 1.0, allowing remote attackers to execute SQL injection attacks by manipulating the 'ref' argument in the '/admin/action/delete-vaccine.php' file. The exploit has been publicly disclosed and may be actively used.

Key Insights:

  1. High Severity: The SVRS score of 67 indicates a high severity level, highlighting the urgency of addressing this vulnerability. Immediate action is necessary to mitigate potential threats.

  2. SQL Injection Risk: The vulnerability enables attackers to inject malicious SQL queries into the application, potentially leading to unauthorized access to sensitive data, modification of records, or even complete compromise of the system.

  3. Remote Exploitation: The vulnerability can be exploited remotely, allowing attackers to launch attacks from anywhere with internet access. This increases the risk of successful exploitation and the potential impact on affected systems.

  4. Public Disclosure: The exploit has been publicly disclosed, making it accessible to a wide range of attackers, including malicious actors and cybercriminals. This increases the likelihood of exploitation attempts and the need for immediate action.

Mitigation Strategies:

  1. Apply Software Updates: If available, apply the latest software updates or patches provided by the vendor to address the vulnerability. This is the most effective way to mitigate the risk of exploitation.

  2. Implement Input Validation: Implement robust input validation mechanisms to prevent malicious SQL queries from being executed. This can be achieved through input filtering, sanitization, and validation techniques.

  3. Use Secure Coding Practices: Developers should follow secure coding practices and guidelines to prevent SQL injection vulnerabilities from being introduced into the code. This includes using parameterized queries, prepared statements, and escaping user input.

  4. Enable Intrusion Detection and Prevention Systems: Deploy intrusion detection and prevention systems (IDS/IPS) to monitor network traffic and identify suspicious activities or attempts to exploit the vulnerability.

Additional Information:

  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

No news found for this CVE

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
TypeVendorProduct
AppCode-projectsfighting_cock_information_system

References

ReferenceLink
[email protected]https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL2.pdf
[email protected]https://vuldb.com/?ctiid.250592
[email protected]https://vuldb.com/?id.250592

CWE Details

CWE IDCWE NameDescription
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence