CVE-2024-7460

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273553 was assigned to this vulnerability.
References
Link Resource
https://gist.github.com/topsky979/b178dd940d98828d1dfd0ccaaaddeb6b Exploit Third Party Advisory
https://vuldb.com/?ctiid.273553 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.273553 Third Party Advisory VDB Entry
https://vuldb.com/?submit.379593 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siamonhasan:warehouse_inventory_system:1.0:*:*:*:*:*:*:*
cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*

History

06 Aug 2024, 17:19

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : 4.3
v2 : 5.0
v3 : 8.8
CPE cpe:2.3:a:siamonhasan:warehouse_inventory_system:1.0:*:*:*:*:*:*:*
cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*
First Time Siamonhasan warehouse Inventory System
Siamonhasan
References () https://gist.github.com/topsky979/b178dd940d98828d1dfd0ccaaaddeb6b - () https://gist.github.com/topsky979/b178dd940d98828d1dfd0ccaaaddeb6b - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.273553 - () https://vuldb.com/?ctiid.273553 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.273553 - () https://vuldb.com/?id.273553 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.379593 - () https://vuldb.com/?submit.379593 - Third Party Advisory, VDB Entry

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en OSWAPP Warehouse Inventory System 1.0/2.0. Ha sido declarada problemática. Una función desconocida del archivo /change_password.php es afectada por esta vulnerabilidad. La manipulación conduce a cross-site request forgery. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-273553.

04 Aug 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-04 23:15

Updated : 2024-08-06 17:19


NVD link : CVE-2024-7460

Mitre link : CVE-2024-7460

CVE.ORG link : CVE-2024-7460


JSON object : View

Products Affected

siamonhasan

  • warehouse_inventory_system
CWE
CWE-352

Cross-Site Request Forgery (CSRF)