CVE-2024-0781

Опубликовано: 22 янв. 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability.

Ссылки

https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.251697
Third Party Advisory
https://vuldb.com/?id.251697
Third Party Advisory
https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.251697
Third Party Advisory
https://vuldb.com/?id.251697
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:martmbithi:internet_banking_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00081

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-4925-mgwr-wqv7

CVSS3: 3.5

github

около 2 лет назад

A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability.

EPSS

Процентиль: 24%

0.00081

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-601