Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-0265

CWE-734 documents4 sources

Severity

8.8HIGH

EPSS

0.9%

top 24.12%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sourcecodester Clinic Queuing System Oretnom23 Clinic Queuing System

Timeline

PublishedJan 7

Latest updateMay 8

Description

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sourcecodester/clinic_queuing_system1.0

▶NVDoretnom23/clinic_queuing_system1.0

🔴Vulnerability Details

GHSA

GHSA-pxq7-f883-cw7m: A vulnerability was found in SourceCodester Clinic Queuing System 1↗2024-01-07

▶

CVEList

SourceCodester Clinic Queuing System GET Parameter index.php file inclusion↗2024-01-07

▶

💥Exploits & PoCs

Exploit-DB

Clinic Queuing System 1.0 - RCE↗2024-05-08

▶