CVE-2024-6649
SourceCodester Employee and Visitor Gate Pass Logging System Users.php save_users cross-site request forgery
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271057 was assigned to this vulnerability.
Se encontró una vulnerabilidad en SourceCodester Employee and Visitor Gate Pass Logging System 1.0 y se clasificó como problemática. La función save_users del archivo Users.php es afectada por esta vulnerabilidad. La manipulación conduce a la Cross-Site Request Forgery. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-271057.
In SourceCodester Employee and Visitor Gate Pass Logging System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist die Funktion save_users der Datei Users.php. Mittels Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-07-10 CVE Reserved
- 2024-07-10 CVE Published
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- 2024-10-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.271057 | Technical Description | |
| https://vuldb.com/?submit.370663 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Xu-Mingming/cve/blob/main/csrf1.md | 2024-08-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SourceCodester Search vendor "SourceCodester" | Employee And Visitor Gate Pass Logging System Search vendor "SourceCodester" for product "Employee And Visitor Gate Pass Logging System" | 1.0 Search vendor "SourceCodester" for product "Employee And Visitor Gate Pass Logging System" and version "1.0" | en |
Affected
| ||||||