CVE-2024-0349

CWE-6143 documents3 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 85.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Engineers Online Portal Engineers Online Portal Project Engineers Online Portal

Timeline

PublishedJan 9

Latest updateJan 10

Description

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sourcecodester/engineers_online_portal1.0

▶NVDengineers_online_portal_project/engineers_online_portal1.0

🔴Vulnerability Details

GHSA

GHSA-qj6j-5mq9-mgj8: A vulnerability was found in SourceCodester Engineers Online Portal 1↗2024-01-10

▶

CVEList

SourceCodester Engineers Online Portal missing secure attribute↗2024-01-09

▶