CVE-2024-12894

A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to SQL injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The name of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.
Configurations

Configuration 1

cpe:2.3:a:treasurehuntgame:treasurehunt:*:*:*:*:*:*:*:*

History

10 Jan 2025, 21:12

Type | Values Removed | Values Added
Summary | | (es) A vulnerability classified as critical has been found in TreasureHuntGame TreasureHunt up to version 963e0e0. An unknown function of the file TreasureHunt/acesso.php is affected. Manipulation of the argument usuario leads to SQL injection. The attack can be launched remotely. This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The name of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.
References | () https://github.com/TreasureHuntGame/TreasureHunt/commit/8bcc649abc35b7734951be084bb522a532faac4e - | () https://github.com/TreasureHuntGame/TreasureHunt/commit/8bcc649abc35b7734951be084bb522a532faac4e - Patch
References | () https://vuldb.com/?ctiid.289164 - | () https://vuldb.com/?ctiid.289164 - Permissions Required, VDB Entry
References | () https://vuldb.com/?id.289164 - | () https://vuldb.com/?id.289164 - Third Party Advisory, VDB Entry
CPE | | cpe:2.3:a:treasurehuntgame:treasurehunt:*:*:*:*:*:*:*:*
First Time | | Treasurehuntgame; Treasurehuntgame treasurehunt

22 Dec 2024, 12:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-12-22 12:15

Updated : 2025-01-10 21:12


NVD link : CVE-2024-12894

Mitre link : CVE-2024-12894

CVE.ORG link : CVE-2024-12894



Products Affected

treasurehuntgame

  • treasurehunt
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')