Insufficiently Protected Credentials in Profile Image Handler Could Lead to Remote Exploitation
CVE-2024-7813
7.5HIGH
Key Information
- Vendor
- Sourcecodester
- Status
- Prison Management System
- Vendor
- CVE Published:
- 15 August 2024
Badges
πΎ Exploit Existsπ‘ Public PoC
Summary
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Affected Version(s)
Prison Management System = 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database1 Proof of Concept(s)
Credit
Raj Nandi (VulDB User)