A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.
References
Configurations
History
21 Aug 2024, 21:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-284 |
15 Aug 2024, 13:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:jayesh:online_exam_system:1.0:*:*:*:*:*:*:* | |
Summary |
|
|
First Time |
Jayesh online Exam System
Jayesh |
|
CWE | NVD-CWE-Other | |
References | () https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Broken%20Access%20Control%20-%20Admin%20Dashboard%20and%20User%20Deletion.pdf - Third Party Advisory | |
References | () https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download - Product | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
12 Aug 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 13:38
Updated : 2024-08-21 21:35
NVD link : CVE-2024-40480
Mitre link : CVE-2024-40480
CVE.ORG link : CVE-2024-40480
JSON object : View
Products Affected
jayesh
- online_exam_system
CWE