Products
SourceCodester Insurance Management System
- 1.0
Source
cna@vuldb.com
Tags
CVE-2024-7080 details
Published : July 24, 2024, 8:15 p.m.
Last Modified : July 24, 2024, 8:15 p.m.
Last Modified : July 24, 2024, 8:15 p.m.
Description
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability.
CVSS Score
| 1 | 2 | 3 | 4 | 5.3 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-425 | Direct Request ('Forced Browsing') | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.3
Exploitability Score
3.9
Impact Score
1.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
| URL | Source |
|---|---|
| https://github.com/Xu-Mingming/cve/blob/main/bianli.md | cna@vuldb.com |
| https://vuldb.com/?ctiid.272365 | cna@vuldb.com |
| https://vuldb.com/?id.272365 | cna@vuldb.com |
| https://vuldb.com/?submit.379487 | cna@vuldb.com |
This website uses the NVD API, but is not approved or certified by it.