CVE-2024-6807
SourceCodester Student Study Center Desk Management System HTTP POST Request Users.php cross site scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271706 is the identifier assigned to this vulnerability.
Una vulnerabilidad fue encontrada en SourceCodester Student Study Center Desk Management System 1.0 y clasificada como problemática. Una función desconocida del archivo /sscdms/classes/Users.php?f=save del componente HTTP POST Request Handler es afectada por esta vulnerabilidad. La manipulación del argumento nombre/segundo nombre/apellido/nombre de usuario conduce a cross site scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-271706 es el identificador asignado a esta vulnerabilidad.
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Eine Schwachstelle wurde in SourceCodester Student Study Center Desk Management System 1.0 gefunden. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /sscdms/classes/Users.php?f=save der Komponente HTTP POST Request Handler. Mittels Manipulieren des Arguments firstname/middlename/lastname/username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-07-16 CVE Reserved
- 2024-07-17 CVE Published
- 2024-08-26 CVE Updated
- 2024-08-26 EPSS Updated
- 2024-08-26 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6807 | ||
https://vuldb.com/?id.271706 | Technical Description | |
https://www.sourcecodester.com | Product |
URL | Date | SRC |
---|---|---|
https://vuldb.com/?submit.374853 | 2024-08-26 | |
https://reports.kunull.net/CVEs/2024/CVE-2024-6807 | 2024-08-26 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Student Study Center Desk Management System Project Search vendor "Student Study Center Desk Management System Project" | Student Study Center Desk Management System Search vendor "Student Study Center Desk Management System Project" for product "Student Study Center Desk Management System" | 1.0 Search vendor "Student Study Center Desk Management System Project" for product "Student Study Center Desk Management System" and version "1.0" | - |
Affected
|