SourceCodester Engineers Online Portal signup_teacher.php weak password
CVE-2024-0347

3.7LOW

Key Information:

Vendor
SourceCodester
Status
Engineers Online Portal
Vendor
CVE Published:
9 January 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115.

Affected Version(s)

Engineers Online Portal 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-0347 - Proof of Concept

References

https://vuldb.com/?id.250115
vdb-entrytechnical-description
https://vuldb.com/?ctiid.250115
signaturepermissions-required
https://mega.nz/file/2d8GiY4Z#QSKItMUgIsW1-A-QPs9dgUSd2SC...
exploit

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ahmed8199 (VulDB User)
.