Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Task Manager by code-projects

    CVE-2024-11096 (GCVE-0-2024-11096)

    Vulnerability from nvd – Published: 2024-11-12 00:31 – Updated: 2025-01-09 08:22
    VLAI
    Title
    code-projects Task Manager newProject.php sql injection
    Summary
    A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.283917 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.283917 signaturepermissions-required
    https://vuldb.com/?submit.441186 third-party-advisory
    https://github.com/UnrealdDei/cve/blob/main/sql4.md exploit
    https://code-projects.org/ product
    Impacted products
    Vendor Product Version
    code-projects Task Manager Affected: 1.0
    Create a notification for this product.
    code-projects task_manager Affected: 1.0
        cpe:2.3:a:code-projects:task_manager:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    李腾 谢亚轩 刘芮彤 UnrealDawn (VulDB User) UnrealDawn (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:code-projects:task_manager:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "task_manager",
                "vendor": "code-projects",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11096",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T15:57:30.821649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T15:58:31.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Task Manager",
              "vendor": "code-projects",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "\u674e\u817e"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "\u8c22\u4e9a\u8f69"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "\u5218\u82ae\u5f64"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "UnrealDawn (VulDB User)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "UnrealDawn (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in code-projects Task Manager 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /newProject.php. Durch das Manipulieren des Arguments projectName mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T08:22:25.704Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-283917 | code-projects Task Manager newProject.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.283917"
            },
            {
              "name": "VDB-283917 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.283917"
            },
            {
              "name": "Submit #441186 | code-projects Task_Manager_In_PHP  v1.0 Sql injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.441186"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/UnrealdDei/cve/blob/main/sql4.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://code-projects.org/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-11T00:00:00.000Z",
              "value": "Vendor informed"
            },
            {
              "lang": "en",
              "time": "2024-11-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-11-11T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-01-09T09:23:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "code-projects Task Manager newProject.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-11096",
        "datePublished": "2024-11-12T00:31:04.374Z",
        "dateReserved": "2024-11-11T20:21:09.878Z",
        "dateUpdated": "2025-01-09T08:22:25.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11096 (GCVE-0-2024-11096)

    Vulnerability from cvelistv5 – Published: 2024-11-12 00:31 – Updated: 2025-01-09 08:22
    VLAI
    Title
    code-projects Task Manager newProject.php sql injection
    Summary
    A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.283917 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.283917 signaturepermissions-required
    https://vuldb.com/?submit.441186 third-party-advisory
    https://github.com/UnrealdDei/cve/blob/main/sql4.md exploit
    https://code-projects.org/ product
    Impacted products
    Vendor Product Version
    code-projects Task Manager Affected: 1.0
    Create a notification for this product.
    code-projects task_manager Affected: 1.0
        cpe:2.3:a:code-projects:task_manager:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    李腾 谢亚轩 刘芮彤 UnrealDawn (VulDB User) UnrealDawn (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:code-projects:task_manager:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "task_manager",
                "vendor": "code-projects",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11096",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T15:57:30.821649Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T15:58:31.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Task Manager",
              "vendor": "code-projects",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "\u674e\u817e"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "\u8c22\u4e9a\u8f69"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "\u5218\u82ae\u5f64"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "UnrealDawn (VulDB User)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "UnrealDawn (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in code-projects Task Manager 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /newProject.php. Durch das Manipulieren des Arguments projectName mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T08:22:25.704Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-283917 | code-projects Task Manager newProject.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.283917"
            },
            {
              "name": "VDB-283917 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.283917"
            },
            {
              "name": "Submit #441186 | code-projects Task_Manager_In_PHP  v1.0 Sql injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.441186"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/UnrealdDei/cve/blob/main/sql4.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://code-projects.org/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-11T00:00:00.000Z",
              "value": "Vendor informed"
            },
            {
              "lang": "en",
              "time": "2024-11-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-11-11T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-01-09T09:23:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "code-projects Task Manager newProject.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-11096",
        "datePublished": "2024-11-12T00:31:04.374Z",
        "dateReserved": "2024-11-11T20:21:09.878Z",
        "dateUpdated": "2025-01-09T08:22:25.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }