CVE-2024-2150

Published: Mar 3, 2024Modified: Jan 2, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255503.

Affected (1)

Products: Munyweki: Insurance Management System

1 product

Insurance Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Munyweki Insurance Management System	Version 1.0

Related CWEs

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (6)

https://github.com/wkeyi0x1/vul-report/blob/main/Insurance%20Management%20System%20PHP%20and%20MySQL/Insurance%20Management%20System%20PHP%20and%20MySQL%20v1.0%20-%20File%20Inclusion.md

Source: cna@vuldb.com

Broken Link

https://vuldb.com/?ctiid.255503

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.255503

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/wkeyi0x1/vul-report/blob/main/Insurance%20Management%20System%20PHP%20and%20MySQL/Insurance%20Management%20System%20PHP%20and%20MySQL%20v1.0%20-%20File%20Inclusion.md

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://vuldb.com/?ctiid.255503

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

https://vuldb.com/?id.255503

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.