Improper Access Control Vulnerability in nafisulbari Insurance Management System
CVE-2024-8216

5.4 MEDIUM

Key Information:

Vendor
Nafisulbari
Status
Insurance Management System
Vendor
CVE Published:
27 August 2024

Summary

A vulnerability was identified in nafisulbari Insurance Management System version 1.0, affecting the editPayment.php file of the Payment Handler component. Manipulating the 'recipt_no' argument results in improper access controls and can lead to unauthorized access. Attackers can exploit this vulnerability remotely, posing significant security risks to users and data. Despite efforts to notify the vendor, there has been no response regarding this critical issue. Immediate action and remediation steps are recommended for affected entities.

Affected Version(s)

Insurance Management System 1.0

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

fahadletsleep (VulDB User)