Cross-Site Scripting Vulnerability in Wazifa System by Code-Projects
CVE-2024-12001
Key Information
- Vendor
- Code-projects
- Status
- Wazifa System
- Vendor
- CVE Published:
- 30 November 2024
Badges
Summary
CVE-2024-12001 describes a significant cross-site scripting (XSS) vulnerability in the Wazifa System 1.0 developed by Code-Projects. The flaw resides in the updatesettings.php file within the settings handler component, where manipulation of the 'firstname' parameter can be exploited. This vulnerability allows attackers to execute arbitrary scripts in the context of the user's session, leading to potential theft of sensitive information or hijacking of user accounts. The vulnerability can be remotely exploited, making it particularly concerning. Users and administrators are advised to apply necessary patches and monitor their systems for any malicious activities.
Affected Version(s)
Wazifa System = 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved