Improper Authorization in SourceCodester Computer Laboratory Management System
CVE-2024-3139
5.4 MEDIUM
Key Information:
- Vendor: SourceCodester Computer Laboratory Management System
- Status: Computer Laboratory Management System
- CVE Published: 1 April 2024
Summary
A critical vulnerability has been identified in SourceCodester Computer Laboratory Management System version 1.0. The flaw is an improper authorization issue in the 'save_users' function of the '/classes/Users.php?f=save' file. Manipulating the 'id' argument could allow an unauthorized user to perform operations they should not have access to. The issue can be exploited remotely, which makes it a significant concern for any system running this management software. Because the exploit has been made public, organizations using this application are strongly urged to assess their security posture and apply the necessary patches to mitigate potential attacks.
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published