CVE-2024-6212

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269276.
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:49

Type Values Removed Values Added
CVSS v2 : 4.0
v3 : 6.1
v2 : 4.0
v3 : 3.5
References () https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing - Exploit () https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing - Exploit
References () https://vuldb.com/?ctiid.269276 - Permissions Required, Third Party Advisory () https://vuldb.com/?ctiid.269276 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.269276 - Third Party Advisory () https://vuldb.com/?id.269276 - Third Party Advisory
References () https://vuldb.com/?submit.359229 - Third Party Advisory () https://vuldb.com/?submit.359229 - Third Party Advisory

30 Aug 2024, 13:54

Type Values Removed Values Added
CWE CWE-89

23 Aug 2024, 02:16

Type Values Removed Values Added
CVSS v2 : 4.0
v3 : 3.5
v2 : 4.0
v3 : 6.1
Summary
  • (es) Una vulnerabilidad fue encontrada en SourceCodester Simple Student Attendance System 1.0 y clasificada como problemática. La función get_student del archivo Student_form.php es afectada por esta vulnerabilidad. La manipulación del argumento id conduce a Cross-Site Scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El identificador de esta vulnerabilidad es VDB-269276.
References () https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing - () https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing - Exploit
References () https://vuldb.com/?ctiid.269276 - () https://vuldb.com/?ctiid.269276 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.269276 - () https://vuldb.com/?id.269276 - Third Party Advisory
References () https://vuldb.com/?submit.359229 - () https://vuldb.com/?submit.359229 - Third Party Advisory
CPE cpe:2.3:a:oretnom23:simple_student_attendance_system:1.0:*:*:*:*:*:*:*
First Time Oretnom23 simple Student Attendance System
Oretnom23

21 Jun 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-21 00:15

Updated : 2024-11-21 09:49


NVD link : CVE-2024-6212

Mitre link : CVE-2024-6212

CVE.ORG link : CVE-2024-6212


JSON object : View

Products Affected

oretnom23

  • simple_student_attendance_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')