CVE-2024-7851

A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the component Add User Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/Wsstiger/cve/blob/main/Yoga_add.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.274756 Permissions Required VDB Entry
https://vuldb.com/?id.274756 VDB Entry
https://vuldb.com/?submit.391640 VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:yoga_class_registration_system:1.0:*:*:*:*:*:*:*

History

29 Aug 2024, 15:22

Type Values Removed Values Added
First Time Oretnom23
Oretnom23 yoga Class Registration System
CPE cpe:2.3:a:tips23:yoga_class_registration_system:1.0:*:*:*:*:*:*:* cpe:2.3:a:oretnom23:yoga_class_registration_system:1.0:*:*:*:*:*:*:*

28 Aug 2024, 21:10

Type Values Removed Values Added
References () https://github.com/Wsstiger/cve/blob/main/Yoga_add.md - () https://github.com/Wsstiger/cve/blob/main/Yoga_add.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.274756 - () https://vuldb.com/?ctiid.274756 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.274756 - () https://vuldb.com/?id.274756 - VDB Entry
References () https://vuldb.com/?submit.391640 - () https://vuldb.com/?submit.391640 - VDB Entry
CWE NVD-CWE-noinfo
First Time Tips23 yoga Class Registration System
Tips23
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 9.8
CPE cpe:2.3:a:tips23:yoga_class_registration_system:1.0:*:*:*:*:*:*:*

19 Aug 2024, 13:00

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en SourceCodester Yoga Class Registration System 1.0 y clasificada como crítica. Esta vulnerabilidad afecta a código desconocido del archivo /classes/Users.php?f=save del componente Add User Handler. La manipulación conduce a una autorización inadecuada. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse.

16 Aug 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-16 02:15

Updated : 2024-08-29 15:22


NVD link : CVE-2024-7851

Mitre link : CVE-2024-7851

CVE.ORG link : CVE-2024-7851


JSON object : View

Products Affected

oretnom23

  • yoga_class_registration_system
CWE
NVD-CWE-noinfo CWE-285

Improper Authorization