CVE-2024-12791

A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Published: Dec 19, 2024
Updated: May 4, 2025
CVE: CVE-2024-12791
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
codezips / e-commerce_site	1.0	1.0.x

https://github.com/laowuzi/cve/blob/main/E-commerce/E-commerce-signin.md
https://vuldb.com/?ctiid.288971
https://vuldb.com/?id.288971
https://vuldb.com/?submit.465711

Vulnerability Database

291,049

CVE-2024-12791