CVE-2024-9082

CWE-266 CWE-285 CWE-863 — Incorrect Authorization3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 53.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Online Eyewear Shop Oretnom23 Online Eyewear Shop

Timeline

PublishedSep 22

Description

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save of the component User Creation Handler. The manipulation of the argument Type with the input 1 leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/online_eyewear_shop1.0

▶NVDoretnom23/online_eyewear_shop1.0

🔴Vulnerability Details

GHSA

GHSA-92rj-4rqf-4mg5: A vulnerability was found in SourceCodester Online Eyewear Shop 1↗2024-09-22

▶

CVEList

SourceCodester Online Eyewear Shop User Creation Users.php improper authorization↗2024-09-22

▶