SourceCodester Clinic Queuing System LoginRegistration.php authorization
CVE-2024-0264

7.3HIGH

Key Information:

Vendor: Sourcecodester
Status: Clinic Queuing System
Vendor: CVE Published:; 7 January 2024

🔔 Create Sourcecodester Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2024-0264?

The vulnerability in SourceCodester's Clinic Queuing System 1.0 involves an authorization bypass stemming from the manipulation of the formToken argument in the /LoginRegistration.php file. This flaw allows attackers to exploit the system remotely, facilitating unauthorized access to sensitive areas of the application. The potential for remote exploitation raises significant security concerns, especially since the exploit has already been disclosed publicly. Organizations using this version of the Clinic Queuing System should assess their security posture and apply necessary patches or mitigations.

Affected Version(s)

Clinic Queuing System 1.0

References

https://vuldb.com/?id.249820

vdb-entrytechnical-description

https://vuldb.com/?ctiid.249820

signaturepermissions-required

https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 7, 2024
👾
Exploit known to exist
Jan 7, 2024
Vulnerability published
Jan 7, 2024
Vulnerability Reserved
Jan 6, 2024

Credit

Echidonut (VulDB User)

JSON