CodeAstro Online Railway Reservation System pass-profile.php cross site scripting
CVE-2024-0782

3.5LOW

Key Information:

Vendor: Codeastro
Status: Online Railway Reservation System
Vendor: CVE Published:; 22 January 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-0782?

A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability.

Affected Version(s)

Online Railway Reservation System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-0782 - Proof of Concept

References

https://vuldb.com/?id.251698

vdb-entrytechnical-description

https://vuldb.com/?ctiid.251698

signaturepermissions-required

https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3...

exploit

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 22, 2024
👾
Exploit known to exist
Jan 22, 2024
Vulnerability published
Jan 22, 2024
Vulnerability Reserved
Jan 22, 2024

Credit

Mohammed Aashique (VulDB User)

Codeastro