CVE-2024-55231

Published: Dec 18, 2024Modified: Mar 27, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information.

Affected (1)

Products: Phpgurukul: Online Notes Sharing Management System

1 product

Online Notes Sharing Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpgurukul Online Notes Sharing Management System	Version 1.0

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://github.com/CV1523/CVEs/blob/main/CVE-2024-55231.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/CV1523/CVEs/blob/main/CVE-2024-55231.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.