CVE-2024-7459

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273552.
References
Link Resource
https://gist.github.com/topsky979/26ab4dc35349a3f670fb8688c69a5cad Exploit Third Party Advisory
https://vuldb.com/?ctiid.273552 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.273552 Third Party Advisory VDB Entry
https://vuldb.com/?submit.379590 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siamonhasan:warehouse_inventory_system:1.0:*:*:*:*:*:*:*
cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*

History

06 Aug 2024, 17:14

Type Values Removed Values Added
First Time Siamonhasan warehouse Inventory System
Siamonhasan
CPE cpe:2.3:a:siamonhasan:warehouse_inventory_system:1.0:*:*:*:*:*:*:*
cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*
CVSS v2 : 5.0
v3 : 4.3
v2 : 5.0
v3 : 8.8
References () https://gist.github.com/topsky979/26ab4dc35349a3f670fb8688c69a5cad - () https://gist.github.com/topsky979/26ab4dc35349a3f670fb8688c69a5cad - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.273552 - () https://vuldb.com/?ctiid.273552 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.273552 - () https://vuldb.com/?id.273552 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.379590 - () https://vuldb.com/?submit.379590 - Third Party Advisory, VDB Entry

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en OSWAPP Warehouse Inventory System 1.0/2.0. Ha sido clasificada como problemática. Una función desconocida del archivo /edit_account.php es afectada por esta vulnerabilidad. La manipulación conduce a cross-site request forgery. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-273552.

04 Aug 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-04 23:15

Updated : 2024-08-06 17:14


NVD link : CVE-2024-7459

Mitre link : CVE-2024-7459

CVE.ORG link : CVE-2024-7459


JSON object : View

Products Affected

siamonhasan

  • warehouse_inventory_system
CWE
CWE-352

Cross-Site Request Forgery (CSRF)