CVE-2024-4817

14.05.2024, 15:45

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263938 is the identifier assigned to this vulnerability.

Resource Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	6.3 MEDIUM				CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Vendor	Product	Version
campcodes	online_laundry_management_system	1.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

References

https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/IDOR_manage_user.md

https://vuldb.com/?ctiid.263938

https://vuldb.com/?id.263938

https://vuldb.com/?submit.333055

https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/IDOR_manage_user.md

https://vuldb.com/?ctiid.263938

https://vuldb.com/?id.263938

https://vuldb.com/?submit.333055