exploitDog

CVE-2024-26492

Опубликовано: 07 мар. 2024

Источник: nvd

CVSS3: 6.3

EPSS Низкий

Описание

An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.

Ссылки

https://packetstormsecurity.com/files/165555/Online-Diagnostic-Lab-Management-System-1.0-Missing-Access-Control.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50660
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/165555/Online-Diagnostic-Lab-Management-System-1.0-Missing-Access-Control.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/50660
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oretnom23:online_diagnostic_lab_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00332

Низкий

6.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8497-6qx5-88vv

CVSS3: 6.3

github

почти 2 года назад

An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.

EPSS

Процентиль: 56%

0.00332

Низкий

6.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo