CVE-2024-0350

Published: Jan 9, 2024Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability.

Affected (1)

Products: Engineers Online Portal Project: Engineers Online Portal

Engineers Online Portal Project

1 product

Engineers Online Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Engineers Online Portal Project Engineers Online Portal	Version 1.0

Related CWEs

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (6)

https://mega.nz/file/fckFBASJ#lffaC0xY44ri9Ln-7hrUbUtq2GTiE8roiW8guR7QeVE

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.250118

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.250118

Source: cna@vuldb.com

Third Party Advisory

https://mega.nz/file/fckFBASJ#lffaC0xY44ri9Ln-7hrUbUtq2GTiE8roiW8guR7QeVE

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?ctiid.250118

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.250118

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.