CVE-2024-40480

A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jayesh:online_exam_system:1.0:*:*:*:*:*:*:*

History

21 Aug 2024, 21:35

Type Values Removed Values Added
CWE CWE-284

15 Aug 2024, 13:47

Type Values Removed Values Added
CPE cpe:2.3:a:jayesh:online_exam_system:1.0:*:*:*:*:*:*:*
Summary
  • (es) Se encontró una vulnerabilidad de control de acceso roto en /admin/update.php y /admin/dashboard.php en Kashipara Online Exam System v1.0, que permite a atacantes remotos no autenticados ver el panel del administrador y eliminar cuentas de usuario válidas a través del acceso URL directo.
First Time Jayesh online Exam System
Jayesh
CWE NVD-CWE-Other
References () https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Broken%20Access%20Control%20-%20Admin%20Dashboard%20and%20User%20Deletion.pdf - () https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Broken%20Access%20Control%20-%20Admin%20Dashboard%20and%20User%20Deletion.pdf - Third Party Advisory
References () https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download - () https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download - Product
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

12 Aug 2024, 13:41

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-21 21:35


NVD link : CVE-2024-40480

Mitre link : CVE-2024-40480

CVE.ORG link : CVE-2024-40480


JSON object : View

Products Affected

jayesh

  • online_exam_system
CWE
NVD-CWE-Other CWE-284

Improper Access Control