CVE-2024-57429

{"id": "CVE-2024-57429", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-02-06T17:15:20.627", "references": [{"url": "https://github.com/ahrixia/CVE-2024-57429", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.phpjabbers.com/cinema-booking-system/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request."}, {"lang": "es", "value": "Una vulnerabilidad de cross-site request forgery (CSRF) en la funci\u00f3n pjActionUpdate de PHPJabbers Cinema Booking System v2.0 permite a atacantes remotos escalar privilegios enga\u00f1ando a un administrador autenticado para que env\u00ede una solicitud no autorizada."}], "lastModified": "2025-06-24T00:13:05.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpjabbers:cinema_booking_system:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2192B8FB-CC44-47A7-9CD4-3778B1874B25"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}