1337DAY-ID-39706

Computer Laboratory Management System 1.0 Privilege Escalation Vulnerability

2024-08-07 00:00:00
Sampath Kumar Kadajari
0day.today
Tags: vulnerability, privilege escalation, access control, computer laboratory management system, sourcecodester, cve-2024-41332

CVSS3: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score: 7.4
Confidence: Low
EPSS: 0.001
Percentile: 21.4%

# Exploit Title: Computer Laboratory Management System v1.0 - Incorrect access control
# Exploit Author: Sampath kumar kadajari
# Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=17268&title=Computer+Laboratory+Management+System+using+PHP+and+MySQL
# Version: v1.0
# CVE: CVE-2024-41332
# Tested on: Windows, XAMPP, Apache, MySQL

-------------------------------------------------------------------------------------------------------------------------------------------

Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to perform arbitrary delete actions: the handler never checks the caller's role before soft-deleting the category named in the request.

"Vulnerable Code" – (classes/master.php)

function delete_category(){
    extract($_POST);
    $del = $this->conn->query("UPDATE `category_list` set `delete_flag` = 1 where id = '{$id}'");
    if($del){
        $resp['status'] = 'success';
        $this->settings->set_flashdata('success'," Category successfully deleted.");
    }else{
        $resp['status'] = 'failed';
        $resp['error'] = $this->conn->error;
    }
    return json_encode($resp);
}

---> Affected Component: http://localhost/php-lms/classes/Master.php?f=delete_category

"Fix for Vulnerable Code":

function delete_category(){
    // Check if the user is logged in and has an admin role
    if (!isset($_SESSION['userdata']['role']) || $_SESSION['userdata']['role'] != 'admin') {
        $resp['status'] = 'failed';
        $resp['error'] = 'Unauthorized access.';
        return json_encode($resp);
    }

    // Proceed with the delete action if authorized
    extract($_POST);
    $del = $this->conn->query("UPDATE `category_list` set `delete_flag` = 1 where id = '{$id}'");
    if($del){
        $resp['status'] = 'success';
        $this->settings->set_flashdata('success',"Category successfully deleted.");
    }else{
        $resp['status'] = 'failed';
        $resp['error'] = $this->conn->error;
    }
    return json_encode($resp);
}
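The fix above adds the missing server-side role check, which is the control the advisory is about. The following is an added example, not code from the advisory or from the Sourcecodester project, of how the same handler looks when the authorization check is combined with the input handling a reviewer would expect around it. It assumes a mysqli connection (the advisory shows `$this->conn` but does not state the driver), the same `$_SESSION['userdata']['role']` layout used in the fix, and the same `category_list.delete_flag` soft-delete column from the original query; the function name and its dependency-injection signature are choices made for this example so it can be tested without the framework's `$this`.

```php
<?php
// Added example: hardened delete_category handler.
// Assumptions (not confirmed by the advisory): $conn is a mysqli connection,
// $session has the $_SESSION['userdata']['role'] layout shown in the fix above,
// and categories are soft-deleted via `delete_flag` as in the original query.

function delete_category_hardened(array $session, array $post, mysqli $conn): string
{
    // 1. Authorization: enforce the admin role on the server for every request.
    //    Hiding the delete button in the UI is not a control; this check is.
    $role = $session['userdata']['role'] ?? null;
    if ($role !== 'admin') {
        http_response_code(403);
        return json_encode(['status' => 'failed', 'error' => 'Unauthorized access.']);
    }

    // 2. Input handling: do not extract($_POST) into local variables. Read the
    //    one expected field and validate it as a positive integer.
    $id = filter_var(
        $post['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400);
        return json_encode(['status' => 'failed', 'error' => 'Invalid category id.']);
    }

    // 3. Query: bind the id as a parameter instead of interpolating it into SQL.
    $stmt = $conn->prepare("UPDATE `category_list` SET `delete_flag` = 1 WHERE `id` = ?");
    if ($stmt === false) {
        error_log('delete_category prepare failed: ' . $conn->error);
        return json_encode(['status' => 'failed', 'error' => 'Database error.']);
    }
    $stmt->bind_param('i', $id);
    $ok = $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();

    if (!$ok) {
        // Keep the driver's error text in the server log; do not return it to the client.
        error_log('delete_category execute failed: ' . $conn->error);
        return json_encode(['status' => 'failed', 'error' => 'Database error.']);
    }
    if ($affected === 0) {
        return json_encode(['status' => 'failed', 'error' => 'Category not found.']);
    }
    return json_encode(['status' => 'success']);
}

// Typical call from the front controller (Master.php?f=delete_category):
// echo delete_category_hardened($_SESSION, $_POST, $conn);
```

The order of the checks matters: the role check runs before any request field is read, so an unauthorized caller learns nothing about which ids exist, and the parameterized statement means the authorization boundary is the only thing standing between a low-privileged user and the table, rather than authorization plus string escaping.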
