关键信息 1. 漏洞名称: - Codezips Pet Shop Management System 1.0 Birdsupdate.php ID SQL Injection 2. 漏洞编号: - VDB-282561 - CVE-2024-10561 3. CVSS Meta Temp Score: - 6.9 4. 当前利用价格: - $0-$5k 5. CTI兴趣评分: - 0.99 6. 漏洞描述: - A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects some unknown processing of the file birdsupdate.php. The manipulation of the argument id with an unknown input leads to a sql injection vulnerability. 7. 影响: - This is going to have an impact on confidentiality, integrity, and availability. 8. CVE描述: - A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 9. 利用难度: - The exploitability is told to be easy. 10. 利用方式: - It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. 11. 技术细节和公开利用: - Technical details and a public exploit are known. 12. MITRE ATT&CK项目: - Uses the attack technique T1505 for this issue. 13. 利用下载: - The exploit is shared for download at github.com. 14. 利用类型: - It is declared as proof-of-concept. 15. 搜索利用: - By approaching the search of inurl:birdsupdate.php it is possible to find vulnerable targets with Google Hacking. 16. 可能的补救措施: - There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.