CVE-2024-3376
SourceCodester Computer Laboratory Management System config.php redirect
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259497 was assigned to this vulnerability.
Una vulnerabilidad ha sido encontrada en SourceCodester Computer Laboratory Management System 1.0 y clasificada como crítica. Una parte desconocida del archivo config.php afecta a esta vulnerabilidad. La manipulación del argumento URL conduce a la ejecución después de la redirección. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-259497.
Es wurde eine Schwachstelle in SourceCodester Computer Laboratory Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei config.php. Durch das Manipulieren des Arguments url mit unbekannten Daten kann eine execution after redirect-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-04-05 CVE Reserved
- 2024-04-06 CVE Published
- 2024-04-07 EPSS Updated
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-698: Execution After Redirect (EAR)
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.259497 | Technical Description | |
https://vuldb.com/?submit.311154 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/Sospiro014/zday1/blob/main/Execution_After_Redirect.md | 2024-08-01 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
SourceCodester Search vendor "SourceCodester" | Computer Laboratory Management System Search vendor "SourceCodester" for product "Computer Laboratory Management System" | 1.0 Search vendor "SourceCodester" for product "Computer Laboratory Management System" and version "1.0" | en |
Affected
|