CVE-2024-8555

Published: Sep 7, 2024Modified: Sep 10, 2024

6.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Oretnom23: Clinic's Patient Management System

1 product

Clinic's Patient Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oretnom23 Clinic's Patient Management System	Version 2.0

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (5)

https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Open-Redirect.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.276774

Source: cna@vuldb.com

Permissions RequiredThird Party AdvisoryVDB Entry

https://vuldb.com/?id.276774

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.402386

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.sourcecodester.com/

Source: cna@vuldb.com

Product

Timeline

No history available yet.