// For flags

CVE-2024-41332

Computer Laboratory Management System 1.0 Privilege Escalation

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.

Computer Laboratory Management System version 1.0 suffers from an incorrect access control that allows for privilege escalation.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
Complete
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
Poc
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-07-18 CVE Reserved
  • 2024-08-02 CVE Published
  • 2024-08-02 First Exploit
  • 2024-08-12 CVE Updated
  • 2024-08-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oretnom23
Search vendor "Oretnom23"
 Computer Laboratory Management System
Search vendor "Oretnom23" for product "Computer Laboratory Management System"
*-
Affected
Sourcecodester
Search vendor "Sourcecodester"
 Computer Laboratory Management System
Search vendor "Sourcecodester" for product "Computer Laboratory Management System"
*-
Affected