CVE-2024-12894

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-12894
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-12894.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-12894
Published
2024-12-22T12:00:13.449Z
Modified
2026-06-18T03:57:29.964526106Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
TreasureHuntGame TreasureHunt acesso.php sql injection
Details

A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.

Database specific 
{
    "cna_assigner": "VulDB",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "last_affected": "963e0e0"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-74",
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12894.json"
}
References

Affected packages

Git / github.com/treasurehuntgame/treasurehunt

Affected ranges

Type
GIT
Repo
https://github.com/treasurehuntgame/treasurehunt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8bcc649abc35b7734951be084bb522a532faac4e
Database specific 
{
    "source": "REFERENCES"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-12894.json"