SourceCodester Clinic Queuing System LoginRegistration.php authorization
CVE-2024-0264

7.3HIGH

Key Information:

Vendor

Sourcecodester
Status
Clinic Queuing System
Vendor
CVE Published:
7 January 2024

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2024-0264?

The vulnerability in SourceCodester's Clinic Queuing System 1.0 involves an authorization bypass stemming from the manipulation of the formToken argument in the /LoginRegistration.php file. This flaw allows attackers to exploit the system remotely, facilitating unauthorized access to sensitive areas of the application. The potential for remote exploitation raises significant security concerns, especially since the exploit has already been disclosed publicly. Organizations using this version of the Clinic Queuing System should assess their security posture and apply necessary patches or mitigations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Clinic Queuing System 1.0

References

https://vuldb.com/?id.249820
vdb-entrytechnical-description
https://vuldb.com/?ctiid.249820
signaturepermissions-required
https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/
related

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Echidonut (VulDB User)
JSON
.