CVE-2024-0260

A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.
References
Link Resource
https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo Exploit Third Party Advisory
https://vuldb.com/?ctiid.249816 Permissions Required Third Party Advisory
https://vuldb.com/?id.249816 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*

History

10 Jan 2024, 20:53

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://vuldb.com/?ctiid.249816 - () https://vuldb.com/?ctiid.249816 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.249816 - () https://vuldb.com/?id.249816 - Third Party Advisory
References () https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo - () https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo - Exploit, Third Party Advisory
CPE cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*
First Time Engineers Online Portal Project
Engineers Online Portal Project engineers Online Portal

07 Jan 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-07 00:15

Updated : 2024-05-17 02:34


NVD link : CVE-2024-0260

Mitre link : CVE-2024-0260

CVE.ORG link : CVE-2024-0260


JSON object : View

Products Affected

engineers_online_portal_project

  • engineers_online_portal
CWE
CWE-613

Insufficient Session Expiration