CVE-2024-10369 MEDIUM

CVE-2024-10369: Codezips Sales Management System addcustcom.php sql injection

Vendor Codezips

Product Sales Management System

Weakness CWE-89 · SQLi

Published October 25, 2024

Last update October 25, 2024

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /addcustcom.php. The manipulation of the argument refno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

October 25, 2024 CVE published

October 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-10369

Related vulnerabilities

04Related CVE

CVE-2025-0967 code-projects Chat System add_chatroom.php sql injection CVE-2023-25045 WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection CVE-2026-25544 Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters CVE-2025-4303 PHPGurukul Human Metapneumovirus Testing Management System add-phlebotomist.php sql injection CVE-2025-68519 WordPress Brands for WooCommerce plugin <= 3.8.6.3 - SQL Injection vulnerability