CVE-2024-5045 - OpenCVE

A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://github.com/HuoMingZ/aoligei/blob/main/yuzu.md
https://vuldb.com/?ctiid.264742
https://vuldb.com/?id.264742
https://vuldb.com/?submit.335384

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2024-05-17T12:31:03.558Z

Updated: 2024-06-20T19:31:23.980Z

Reserved: 2024-05-17T05:48:29.413Z

Link: CVE-2024-5045

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-17T13:15:59.170

Modified: 2024-06-20T20:15:20.153

Link: CVE-2024-5045

JSON object: View

Redhat Information

No data.

CWE

CWE-552

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5045", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-05-17T05:48:29.413Z", "datePublished": "2024-05-17T12:31:03.558Z", "dateUpdated": "2024-06-20T19:31:23.980Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-05-17T12:31:03.558Z"}, "title": "SourceCodester Online Birth Certificate Management System admin file access", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-552", "lang": "en", "description": "CWE-552 Files or Directories Accessible"}]}], "affected": [{"vendor": "SourceCodester", "product": "Online Birth Certificate Management System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "In SourceCodester Online Birth Certificate Management System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin. Mittels dem Manipulieren mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-05-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-05-17T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-05-17T07:53:32.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "HuoMingZ (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.264742", "name": "VDB-264742 | SourceCodester Online Birth Certificate Management System admin file access", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.264742", "name": "VDB-264742 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.335384", "name": "Submit #335384 | sourcecodeste Online Birth Certificate Management System 1.0 Directory traversal attack", "tags": ["third-party-advisory"]}, {"url": "https://github.com/HuoMingZ/aoligei/blob/main/yuzu.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T19:31:15.488826Z", "id": "CVE-2024-5045", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T19:31:23.980Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264742 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": " Se encontr\u00f3 una vulnerabilidad en SourceCodester Online Birth Certificate Management System 1.0. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin. La manipulaci\u00f3n conduce a archivos o directorios accesibles. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-264742 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2024-5045", "lastModified": "2024-06-20T20:15:20.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-05-17T13:15:59.170", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/HuoMingZ/aoligei/blob/main/yuzu.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.264742"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.264742"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.335384"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "cna@vuldb.com", "type": "Primary"}]}