关键信息 1. 漏洞名称: - SourceCodester Garbage Collection Management System 1.0 Login.php Username/Password SQL Injection 2. 漏洞编号: - VDB-281680 - CVE-2024-10335 3. 受影响的文件: - login.php 4. 漏洞描述: - CVSS Meta Temp Score: 6.9 - Current Exploit Price: $0-$5k - CTI Interest Score: 1.29 5. 漏洞影响: - CWE-89: SQL injection vulnerability - Impact: Affects confidentiality, integrity, and availability 6. 漏洞利用: - Exploit Disclosure: Public - Exploit Availability: Proof-of-concept - Exploit Technique: T1505 (MITRE ATT&CK project) 7. 漏洞利用方法: - Search for vulnerable targets: Use Google Hacking with the search term 8. 建议措施: - Countermeasures: No specific countermeasures mentioned - Alternative Product: Consider replacing the affected object with an alternative product 9. 漏洞披露: - Initial Researcher Advisory: Only mentions the parameter "username" to be affected. Assumes the parameter "password" is also affected. 10. 漏洞利用工具: - Exploit Availability: Proof-of-concept available at github.com 11. 漏洞评分: - CVSS Meta Temp Score: 6.9 (Moderate) 12. 漏洞价格: - Current Exploit Price: $0-$5k 13. CTI Interest Score: 1.29 (Low) 总结 这个漏洞是SourceCodester Garbage Collection Management System 1.0中的一个SQL注入漏洞,影响了 文件。漏洞利用容易,且已经公开披露。建议替换受影响的组件或产品以防止进一步的安全风险。