CVE-2024-11487 | Code4Berry Decoration Management System 1.0 Between Dates Reports btndates_report.php fromdate/todate sql injection

A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndates_report.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql injection.

This vulnerability was named CVE-2024-11487. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11487 | Code4Berry Decoration Management System 1.0 Between Dates Reports btndates_report.php fromdate/todate sql injection

Related Posts

CVE-2023-36498 | TP-LINK ER7206 Omada Gigabit VPN Router 1.3.0 Build 20230322 Rel.70591 PPTP Client os command injection (TALOS-2023-1853)

CVE-2024-47413 | Adobe Animate up to 23.0.7/24.0.4 use after free (apsb24-76)

CVE-2024-28921 | Microsoft unknown vulnerability

CVE-2024-28973 | Dell PowerProtect DD prior 8.0 Trusted Application Data Store cross site scripting (dsa-2024-219)