Kashipara Bus Ticket Reservation System v1.0 Vulnerable to CSRF via /deleteTicket.php
CVE-2024-42764

9.4CRITICAL

Key Information:

Vendor: Kashipara Bus Ticket Reservation System
Status: Bus Ticket Reservation System
Vendor: CVE Published:; 23 August 2024

🔔 Create Kashipara Bus Ticket Reservation System Vulnerability Alert

What is CVE-2024-42764?

The Kashipara Bus Ticket Reservation System version 1.0 is susceptible to a Cross Site Request Forgery (CSRF) attack. This vulnerability can be exploited through the /deleteTicket.php endpoint, allowing attackers to perform unauthorized actions on behalf of authenticated users without their consent. This security gap poses significant risks as it may lead to the deletion of crucial ticket data, affecting both users and the integrity of the ticketing system.

References

https://www.kashipara.com/

https://github.com/takekaramey/CVE_Writeup/blob/main/Kash...

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2024
Vulnerability Reserved
Aug 5, 2024

CVE-2024-42764 Data

JSON