CVE-2024-40480
Published: 2024-08-12
Priority: P355 | Critical | 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% (41.0th percentile)
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view the administrator dashboard and delete valid user accounts via direct URL access.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jayesh | online_exam_system | — | — |
| oretnom23 | online_exam_system | — | — |
| sourcecodester | online_exam_system | — | — |
GHSA
GHSA-rgxw-5jvr-8c53 (CVE-2024-10353) [CRITICAL] CWE-284: A vulnerability classified as critical has been found in SourceCodester Online Exam System 1
ghsa_unreviewed · 2024-10-25 · CVSS 9.8
A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This affects a different product and is a different issue than CVE-2024-40480.
GHSA
GHSA-rmh7-px2g-m7q9 (CVE-2024-40480) [CRITICAL] CWE-284: A Broken Access Control vulnerability was found in /admin/update
ghsa_unreviewed · 2024-08-12
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view the administrator dashboard and delete valid user accounts via direct URL access.
No detection rules found.
No public exploits indexed.