mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
110 lines
4.2 KiB
JSON
110 lines
4.2 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-4817",
|
|
"ASSIGNER": "cna@vuldb.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263938 is the identifier assigned to this vulnerability."
|
|
},
|
|
{
|
|
"lang": "deu",
|
|
"value": "In Campcodes Online Laundry Management System 1.0 wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei manage_user.php der Komponente HTTP Request Parameter Handler. Durch Manipulation des Arguments id mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-99 Improper Control of Resource Identifiers",
|
|
"cweId": "CWE-99"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Campcodes",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Online Laundry Management System",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.0"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://vuldb.com/?id.263938",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?id.263938"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?ctiid.263938",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?ctiid.263938"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?submit.333055",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?submit.333055"
|
|
},
|
|
{
|
|
"url": "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/IDOR_manage_user.md",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/IDOR_manage_user.md"
|
|
}
|
|
]
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "yylm (VulDB User)"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"baseScore": 6.3,
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
{
|
|
"version": "3.0",
|
|
"baseScore": 6.3,
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
{
|
|
"version": "2.0",
|
|
"baseScore": 6.5,
|
|
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
|
}
|
|
]
|
|
}
|
|
} |