CVE-2024-0351

Exploit

EPSS 0.05%
Veröffentlicht 09.01.2024 23:15:10
Zuletzt bearbeitet 21.11.2024 08:46:22
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250119.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Engineers Online Portal Project ≫ Engineers Online Portal Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.138

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	0.9	2.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
cna@vuldb.com	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:P/A:N

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.250119

Third Party Advisory

Permissions Required

https://vuldb.com/?id.250119

Third Party Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-0351

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0351

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0351

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-0351