Cross-Site Request Forgery in SourceCodester Tracking Monitoring Management System by SourceCodester
CVE-2024-7360

8.8 HIGH

Key Information:

Vendor: Oretnom23
CVE Published: 1 August 2024

What is CVE-2024-7360?

A vulnerability has been identified in SourceCodester Tracking Monitoring Management System 1.0, in the ajax.php component. The flaw allows cross-site request forgery (CSRF) attacks, which can be initiated remotely. Because the exploit has been publicly disclosed, users of the product are exposed to unauthorized actions being performed on behalf of authenticated users, potentially compromising their data and the integrity of the system. Organizations using this product should assess their exposure and apply mitigations promptly.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
