CVE-2024-2531 | THREATINT

Description

A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/update-rooms.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Es wurde eine kritische Schwachstelle in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/update-rooms.php. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

PUBLISHED Reserved 2024-03-15 | Published 2024-03-16 | Updated 2024-08-01 | Assigner VulDB

MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.5AV:N/AC:L/Au:S/C:P/I:P/A:P

Problem types

CWE-434 Unrestricted Upload

Product status

1.0

affected

Timeline

2024-03-15:	Advisory disclosed
2024-03-15:	VulDB entry created
2024-03-15:	VulDB entry last update

Credits

Joshua Lictan finder

nochizplz (VulDB User) reporter

nochizplz (VulDB User) analyst

References

vuldb.com/?id.256968 (VDB-256968 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php unrestricted upload) vdb-entry

vuldb.com/?ctiid.256968 (VDB-256968 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

github.com/...em/Arbitrary File Upload - update-rooms.php.md exploit patch

cve.org (CVE-2024-2531)

nvd.nist.gov (CVE-2024-2531)

Download JSON