CVE-2024-12938

A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://code-projects.org/ Product
https://vuldb.com/?ctiid.289291 Permissions Required VDB Entry
https://vuldb.com/?id.289291 Third Party Advisory VDB Entry
https://vuldb.com/?submit.468135 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:code-projects:simple_admin_panel:1.0:*:*:*:*:*:*:*

History

17 Jun 2026, 07:00

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en code-projects Simple Admin Panel 1.0 y se ha clasificado como crítica. Una función desconocida del archivo updateOrderStatus.php es afectada por esta vulnerabilidad. La manipulación del registro de argumentos conduce a la inyección de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://vuldb.com/?ctiid.289291 - () https://vuldb.com/?ctiid.289291 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.289291 - () https://vuldb.com/?id.289291 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.468135 - () https://vuldb.com/?submit.468135 - Exploit, Third Party Advisory, VDB Entry
First Time Code-projects simple Admin Panel
Code-projects
CPE cpe:2.3:a:code-projects:simple_admin_panel:1.0:*:*:*:*:*:*:*

26 Dec 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-12-26 06:15

Updated : 2026-06-17 07:00


NVD link : CVE-2024-12938

Mitre link : CVE-2024-12938

CVE.ORG link : CVE-2024-12938


JSON object : View

Products Affected

code-projects

  • simple_admin_panel
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')