Improper Authorization Vulnerability in SourceCodester Simple Online Bidding System
CVE-2024-7799

7.3HIGH

Key Information:

Vendor
Sourcecodester
Status
Simple Online Bidding System
Vendor
CVE Published:
15 August 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A newly discovered vulnerability in SourceCodester's Simple Online Bidding System version 1.0 exposes a critical flaw in the user administration functionality, specifically within the file located at /simple-online-bidding-system/bidding/admin/users.php. This vulnerability allows an attacker to bypass proper authorization mechanisms, enabling unauthorized access to sensitive user data and administrative functions. The attack can be conducted remotely, raising significant security concerns for affected installations. Security experts recommend reviewing system configurations and applying necessary patches to mitigate potential exploitation of this vulnerability.

Affected Version(s)

Simple Online Bidding System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7799 - Proof of Concept

References

https://vuldb.com/?id.274652
vdb-entry
https://vuldb.com/?ctiid.274652
signaturepermissions-required
https://vuldb.com/?submit.390302
third-party-advisory

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

Credit

Wsstiger (VulDB User)
.