Remote Denial of Service Vulnerability in Employee Task Management System 1.0
CVE-2024-1199

7.5HIGH

Key Information:

Vendor: CodeAstro
Status: Employee Task Management System
Vendor: CVE Published:; 3 February 2024

What is CVE-2024-1199?

A vulnerability exists within the CodeAstro Employee Task Management System 1.0 that allows for denial of service due to improper handling of arguments in the attendance-info.php file. Malicious actors can exploit this vulnerability by manipulating the aten_id parameter, which may cause system disruption. The vulnerability can be exploited remotely, raising significant concerns for users of the product. This issue has been publicly disclosed, and it is essential for organizations utilizing the affected software to assess their exposure and take appropriate mitigating actions.

References

https://vuldb.com/?id.252697

https://vuldb.com/?ctiid.252697

https://docs.qq.com/doc/DYnhIWEdkZXViTXdD

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2024