CVE-2024-0349

Published: Jan 9, 2024Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.

Affected (1)

Products: Engineers Online Portal Project: Engineers Online Portal

Engineers Online Portal Project

1 product

Engineers Online Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Engineers Online Portal Project Engineers Online Portal	Version 1.0

Related CWEs

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

References (6)

https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904

Source: cna@vuldb.com

Third Party Advisory

https://vuldb.com/?ctiid.250117

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.250117

Source: cna@vuldb.com

Third Party Advisory

https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://vuldb.com/?ctiid.250117

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.250117

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.