Cross Site Scripting Vulnerability in PHP CRUD 1.0 Could Lead to Remote Exploitation
CVE-2024-8563

6.1MEDIUM

Key Information:

Vendor
Sourcecodester
Status
PHP Crud
Vendor
CVE Published:
7 September 2024

Summary

A vulnerability exists in the SourceCodester PHP CRUD version 1.0, specifically in the /endpoint/update.php file. An attacker can exploit this issue by manipulating the parameters first_name, middle_name, or last_name, resulting in cross-site scripting (XSS). This flaw permits the remote execution of malicious scripts in the context of a user’s session, potentially compromising sensitive information and web application integrity. The details of this exploit have been disclosed publicly, increasing the risk of an attack in the wild.

Affected Version(s)

PHP CRUD 1.0

References

https://vuldb.com/?id.276783
vdb-entrytechnical-description
https://vuldb.com/?ctiid.276783
signaturepermissions-required
https://vuldb.com/?submit.403661
third-party-advisory

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Delvy (VulDB User)
.