CVE-2024-45983

Exploit

EPSS 0.18%
Veröffentlicht 26.09.2024 16:15:08
Zuletzt bearbeitet 16.05.2025 20:29:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially crafted web page, the attacker can leverage the victim's browser to make unauthorized requests to the vulnerable endpoint, effectively allowing the attacker to perform actions on behalf of the admin without their consent.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kishan0725 ≫ Hospital Management System Version6.3.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.392

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/soursec/CVEs/tree/main/CVE-2024-45983

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-45983

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45983

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45983

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-45983