CVE-2024-6014 MEDIUM

CVE-2024-6014: itsourcecode Document Management System edithis.php sql injection

Vendor Itsourcecode

Product Document Management System

Weakness CWE-89 · SQLi

Published June 15, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268722 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

June 15, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-6014 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-11735 HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.1 - Unauthenticated SQL Injection via `phrase` Parameter CVE-2025-9765 itsourcecode Sports Management System tournament_details.php sql injection CVE-2023-50853 WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.75.0 is vulnerable to SQL Injection CVE-2024-32706 WordPress ARForms plugin <= 6.4 - Subscriber+ SQL Injection vulnerability CVE-2025-11070 Projectworlds Online Shopping System cart_add.php sql injection