CVE-2024-12792

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Published: Dec 19, 2024
Updated: May 4, 2025
CVE: CVE-2024-12792
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
codezips / e-commerce_site	1.0	1.0.x

https://github.com/laowuzi/cve/blob/main/E-commerce/E-commerce-newadmin.md
https://vuldb.com/?ctiid.288973
https://vuldb.com/?id.288973
https://vuldb.com/?submit.465715

Vulnerability Database

291,049

CVE-2024-12792