Car Driving School Management System Vulnerable to Cross-Site Request Forgery
CVE-2024-7662

6.5MEDIUM

Key Information:

Vendor
Sourcecodester
Status
Car Driving School Management System
Vendor
CVE Published:
12 August 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A cross-site request forgery vulnerability exists within the SourceCodester Car Driving School Management System 1.0, specifically affecting the save_package function found in the admin/packages/manag_package.php file. This vulnerability enables attackers to perform unauthorized actions on behalf of authenticated users without their consent. Attackers can exploit this vulnerability remotely, leading to potential data manipulation and unauthorized access to sensitive information. The exploit has been publicly disclosed, increasing the risk of attacks against systems utilizing this software.

Affected Version(s)

Car Driving School Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7662 - Proof of Concept

References

https://vuldb.com/?id.274120
vdb-entrytechnical-description
https://vuldb.com/?ctiid.274120
signaturepermissions-required
https://vuldb.com/?submit.388766
third-party-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

BFS-Lab (VulDB User)
.