CVE-2024-8555

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource
https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Open-Redirect.md | Exploit, Third Party Advisory
https://vuldb.com/?ctiid.276774 | Permissions Required, Third Party Advisory, VDB Entry
https://vuldb.com/?id.276774 | Third Party Advisory, VDB Entry
https://vuldb.com/?submit.402386 | Third Party Advisory, VDB Entry
https://www.sourcecodester.com/ | Product
Configurations

Configuration 1

cpe:2.3:a:oretnom23:clinic\'s_patient_management_system:2.0:*:*:*:*:*:*:*

History

10 Sep 2024, 13:53

Type | Values Removed | Values Added
References | () https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Open-Redirect.md - | () https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Open-Redirect.md - Exploit, Third Party Advisory
References | () https://vuldb.com/?ctiid.276774 - | () https://vuldb.com/?ctiid.276774 - Permissions Required, Third Party Advisory, VDB Entry
References | () https://vuldb.com/?id.276774 - | () https://vuldb.com/?id.276774 - Third Party Advisory, VDB Entry
References | () https://vuldb.com/?submit.402386 - | () https://vuldb.com/?submit.402386 - Third Party Advisory, VDB Entry
References | () https://www.sourcecodester.com/ - | () https://www.sourcecodester.com/ - Product
CVSS | v2 : 5.0, v3 : 4.3 | v2 : 5.0, v3 : 6.1
CPE | | cpe:2.3:a:oretnom23:clinic\'s_patient_management_system:2.0:*:*:*:*:*:*:*
First Time | | Oretnom23; Oretnom23 clinic\'s Patient Management System

09 Sep 2024, 13:03

Type | Values Removed | Values Added
Summary | | (es) A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. An unknown function of the file congratulations.php is affected. Manipulation of the argument goto_page causes an open redirect. The attack can be launched remotely. The exploit has been made public and may be used.

07 Sep 2024, 15:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-09-07 15:15

Updated : 2024-09-10 13:53


NVD link : CVE-2024-8555

Mitre link : CVE-2024-8555

CVE.ORG link : CVE-2024-8555



Products Affected

oretnom23

  • clinic\'s_patient_management_system
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')