Car Driving School Management System Vulnerable to Cross-Site Request Forgery
CVE-2024-7662
Key Information:
- Vendor
- Sourcecodester
- Vendor
- CVE Published:
- 12 August 2024
Badges
Summary
A cross-site request forgery vulnerability exists within the SourceCodester Car Driving School Management System 1.0, specifically affecting the save_package function found in the admin/packages/manag_package.php file. This vulnerability enables attackers to perform unauthorized actions on behalf of authenticated users without their consent. Attackers can exploit this vulnerability remotely, leading to potential data manipulation and unauthorized access to sensitive information. The exploit has been publicly disclosed, increasing the risk of attacks against systems utilizing this software.
Affected Version(s)
Car Driving School Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved