Back

CVE-2024-42775

Aug. 22, 2024, 8:35 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Kashipara Hotel Management System

  • 1.0

Source

cve@mitre.org

Tags

cve@mitre.org
CWE-284
2024-08-22
CVE-2024-42775

CVE-2024-42775 details

Published : Aug. 22, 2024, 5:15 p.m.
Last Modified : Aug. 22, 2024, 8:35 p.m.

Description

An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.

CVSS Score

1 2 3 4 5 6 7 8 9.1 10

Weakness

Weakness Name Description
CWE-284 Improper Access Control The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

9.1

Exploitability Score

3.9

Impact Score

5.2

Base Severity

CRITICAL

Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

URL Source
https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Add%20New%20Room%20Entry.pdf cve@mitre.org
https://www.kashipara.com/ cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.