CVE-2024-7912
CodeAstro Online Railway Reservation System assets exposure of information through directory listing
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
In CodeAstro Online Railway Reservation System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/assets/. Mittels dem Manipulieren mit unbekannten Daten kann eine exposure of information through directory listing-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-08-17 CVE Reserved
- 2024-08-18 CVE Published
- 2024-08-19 CVE Updated
- 2024-08-19 First Exploit
- 2024-08-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-548: Exposure of Information Through Directory Listing
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.275038 | Vdb Entry | |
https://vuldb.com/?submit.391658 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Directory%20Listing.md | 2024-08-19 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
CodeAstro Search vendor "CodeAstro" | Online Railway Reservation System Search vendor "CodeAstro" for product "Online Railway Reservation System" | 1.0 Search vendor "CodeAstro" for product "Online Railway Reservation System" and version "1.0" | en |
Affected
|