Packet Storm advisory PACKETSTORM:179890, posted Aug 02, 2024, by Sampath Kumar Kadajari

Computer Laboratory Management System 1.0 Privilege Escalation

2024-08-02 00:00:00
Sampath Kumar Kadajari
packetstormsecurity.com

Tags: vulnerability, access control, privilege escalation, sourcecodester, php, mysql, cve-2024-41332, security flaw, authentication, admin role

AI Score: 7.4 (Confidence: Low)
EPSS: 0.001 (Percentile: 21.4%)

```
# Exploit Title: Computer Laboratory Management System v1.0 - Incorrect access control
# Date: 08 July 2024
# Exploit Author: Sampath Kumar Kadajari
# Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=17268&title=Computer+Laboratory+Management+System+using+PHP+and+MySQL
# Version: v1.0
# CVE: CVE-2024-41332
# Tested on: Windows, XAMPP, Apache, MySQL
```

Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to perform arbitrary delete actions. The function never checks the caller's role before soft-deleting the category whose `id` is supplied in the POST body.

"Vulnerable Code" (classes/master.php):

```php
function delete_category(){
    // No authorization check: any logged-in user who reaches this handler can run it
    extract($_POST);
    // $id comes straight from the request and is interpolated into the query
    $del = $this->conn->query("UPDATE `category_list` set `delete_flag` = 1 where id = '{$id}'");
    if($del){
        $resp['status'] = 'success';
        $this->settings->set_flashdata('success'," Category successfully deleted.");
    }else{
        $resp['status'] = 'failed';
        $resp['error'] = $this->conn->error;
    }
    return json_encode($resp);
}
```

---> Affected Component: http://localhost/php-lms/classes/Master.php?f=delete_category

"Fix for Vulnerable Code":

```php
function delete_category(){
    // Check if the user is logged in and has an admin role
    if (!isset($_SESSION['userdata']['role']) || $_SESSION['userdata']['role'] != 'admin') {
        $resp['status'] = 'failed';
        $resp['error'] = 'Unauthorized access.';
        return json_encode($resp);
    }

    // Proceed with the delete action if authorized.
    // Read the id explicitly instead of extract($_POST), and bind it as an
    // integer so the value cannot alter the query.
    $id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
    $stmt = $this->conn->prepare("UPDATE `category_list` SET `delete_flag` = 1 WHERE id = ?");
    $stmt->bind_param('i', $id);
    $del = $stmt->execute();
    if($del){
        $resp['status'] = 'success';
        $this->settings->set_flashdata('success',"Category successfully deleted.");
    }else{
        $resp['status'] = 'failed';
        $resp['error'] = $this->conn->error;
    }
    $stmt->close();
    return json_encode($resp);
}
```
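The root cause above is a `?f=<action>` dispatcher that maps a request parameter to a method without any per-action authorization. The following is an added example, not code from the advisory or from the Sourcecodester project, showing the defensive pattern in a self-contained Python model: a deny-by-default role table consulted in the dispatcher before any handler runs, plus a parameterized soft-delete that validates the `id` before touching the database. The action names, roles, table layout and category rows are all constructed for the demonstration.

```python
import sqlite3

# Per-action authorization table for a "?f=<action>" style dispatcher.
# Any action missing from this table is denied to everyone (deny by default).
# Constructed for this example; the advisory's application has no such table.
ACTION_ROLES = {
    "delete_category": {"admin"},
    "list_categories": {"admin", "staff", "student"},
}


def open_demo_db():
    """In-memory database with a few constructed category rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE category_list ("
        "id INTEGER PRIMARY KEY, name TEXT, delete_flag INTEGER DEFAULT 0)"
    )
    conn.executemany(
        "INSERT INTO category_list (id, name) VALUES (?, ?)",
        [(1, "Desktops"), (2, "Laptops"), (3, "Printers")],
    )
    conn.commit()
    return conn


def is_authorized(session, action):
    """True only if the session's role is explicitly allowed for this action."""
    role = (session or {}).get("userdata", {}).get("role")
    allowed = ACTION_ROLES.get(action)
    return allowed is not None and role in allowed


def delete_category(conn, post):
    """Soft-delete one category; the id is validated and bound, never interpolated."""
    raw = post.get("id")
    if not isinstance(raw, str) or not raw.isdigit():
        return {"status": "failed", "error": "Invalid id."}
    cur = conn.execute(
        "UPDATE category_list SET delete_flag = 1 WHERE id = ?", (int(raw),)
    )
    conn.commit()
    if cur.rowcount == 0:
        return {"status": "failed", "error": "No such category."}
    return {"status": "success"}


def list_categories(conn, post):
    rows = conn.execute(
        "SELECT id, name FROM category_list WHERE delete_flag = 0 ORDER BY id"
    ).fetchall()
    return {"status": "success", "data": [{"id": i, "name": n} for i, n in rows]}


HANDLERS = {"delete_category": delete_category, "list_categories": list_categories}


def dispatch(conn, session, action, post):
    """Authorization happens here, once, before any handler is looked up."""
    if not is_authorized(session, action):
        return {"status": "failed", "error": "Unauthorized access."}
    handler = HANDLERS.get(action)
    if handler is None:
        return {"status": "failed", "error": "Unknown action."}
    return handler(conn, post)


def demo():
    """Run the same delete request as a student, an admin and an anonymous caller."""
    conn = open_demo_db()
    student = {"userdata": {"role": "student"}}
    admin = {"userdata": {"role": "admin"}}
    return {
        "student_delete": dispatch(conn, student, "delete_category", {"id": "2"}),
        "admin_delete": dispatch(conn, admin, "delete_category", {"id": "2"}),
        # A non-numeric id is rejected before it reaches the query.
        "admin_bad_id": dispatch(conn, admin, "delete_category", {"id": "2' OR '1'='1"}),
        "remaining": dispatch(conn, student, "list_categories", {}),
        "anonymous_delete": dispatch(conn, None, "delete_category", {"id": "1"}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The check lives in `dispatch` rather than inside each handler, so a newly added action cannot be exposed by forgetting a role test; the `id` validation and bound parameter address the second weakness left in the original query.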
