Access Control Flaw in Sourcecodester Computer Laboratory Management System
CVE-2024-41332

6.5 MEDIUM

Key Information:

Vendor: Oretnom23
CVE Published: 12 August 2024

What is CVE-2024-41332?

An access control issue in the delete_category function of Sourcecodester's Computer Laboratory Management System v1.0 allows authenticated users with minimal privileges to delete categories without proper authorization. This flaw poses significant risks as it could lead to unauthorized data manipulation by users who should not have such capabilities, potentially compromising the system's integrity and data structure.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
