exploitDog

CVE-2024-41251

Опубликовано: 07 авг. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.

Ссылки

https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/Broken%20Access%20Control%20-%20Admin%20Dashboard%20-%20Registered%20Teacher.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lopalopa:responsive_school_management_system:3.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00286

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-Other

CWE-284

Связанные уязвимости

GHSA-j9x3-2fgg-9qgj

CVSS3: 6.5

github

больше 1 года назад

An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.

EPSS

Процентиль: 52%

0.00286

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-Other

CWE-284