Key information

1. Vulnerability name:
   - 1000 Projects Beauty Parlour Management System 1.0 /index.php Name SQL Injection
2. Vulnerability IDs:
   - VDB-283921
   - CVE-2024-11100
3. CVSS Meta Temp Score:
   - 6.9
4. Current vulnerability price:
   - $0-$5k
5. CTI Interest Score:
   - 0.13
6. Description:
   - A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name with an unknown input leads to an SQL injection vulnerability. The CWE definition for the vulnerability is CWE-89: the product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize, or incorrectly neutralizes, special elements that could modify the intended SQL command when it is sent to a downstream component. The impact is known to affect confidentiality, integrity, and availability. The summary by CVE is:
   - A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
7. Impact:
   - The exploitation appears to be easy. The attack can be launched remotely and does not need any form of authentication. Technical details and a public exploit are known. The MITRE ATT&CK project uses the attack technique T1505 for this issue.
8. Exploitation:
   - The exploit can be downloaded at github.com. It is declared as proof-of-concept. A Google Hacking search for inurl:index.php can locate vulnerable targets.
9. Recommended countermeasures:
   - There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
10. Related entries:
   - Entries connected to this vulnerability are available at VDB-274874, VDB-276818, VDB-278202 and VDB-278269.
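The entry describes the CWE-89 pattern (the `name` request argument spliced into an SQL command) but shows no code from /index.php, and its countermeasure field is empty. The following is an added illustration, not the project's code: a constructed in-memory table and a hypothetical `name` lookup written once in the vulnerable string-concatenation form and once with a bound parameter, so the structural difference and the generic CWE-89 fix can be checked by running it.

```python
import sqlite3

# Constructed sample data standing in for the application's table; the real
# schema of 1000 Projects Beauty Parlour Management System is not on the page.
SAMPLE_ROWS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """CWE-89 pattern (hypothetical, modelled on the entry): the request
    parameter is spliced into the SQL text, so a quote character in `name`
    changes the structure of the statement instead of being data."""
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Fix: bind `name` as a parameter. The statement structure is fixed
    before any user input is seen and the driver passes `name` as a value."""
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    """Run both lookups with an ordinary value and with a classic probe value
    (constructed) that closes the quote and appends an always-true clause."""
    conn = make_db()
    probe = "' OR '1'='1"
    return {
        "normal_unsafe": lookup_unsafe(conn, "alice"),
        "normal_safe": lookup_safe(conn, "alice"),
        "probe_unsafe": lookup_unsafe(conn, probe),  # whole table leaks
        "probe_safe": lookup_safe(conn, probe),      # no row has that literal name
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s)")
```

The unsafe form returns every row for the probe value, while the parameterized form returns none because the input is compared as a literal string.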