Stack-Based Buffer Overflow in Code-Projects Hotel Management System
CVE-2024-12186

7.8HIGH

Key Information:

Vendor

Code-projects

Status
Hotel Management System
Vendor
CVE Published:
5 December 2024

Badges

👾 Exploit Exists

What is CVE-2024-12186?

CVE-2024-12186 is a high-risk vulnerability identified in the Code-Projects Hotel Management System version 1.0. The flaw originates from a stack-based buffer overflow in the 'Available Room Handler' component, specifically within the 'hotelnew.c' file. The vulnerability allows an attacker with local access to manipulate the 'admin_entry' argument, potentially leading to arbitrary code execution. Exploitation of this vulnerability requires local access to the system, but once successful, it can lead to significant security breaches. It is crucial for users of this product to apply patches and mitigate the risk associated with this vulnerability promptly.

Affected Version(s)

Hotel Management System 1.0

References

https://vuldb.com/?id.286907
vdb-entrytechnical-description
https://vuldb.com/?ctiid.286907
signaturepermissions-required
https://vuldb.com/?submit.454846
third-party-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

Credit

zzan (VulDB User)
.