CVE-2024-2483 - Vulnerability Details - OpenCVE

A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md
https://vuldb.com/?ctiid.256889
https://vuldb.com/?id.256889

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-03-15T07:00:06.663Z

Updated: 2024-08-26T14:58:01.143Z

Reserved: 2024-03-15T00:18:23.374Z

Link: CVE-2024-2483

Vulnrichment

Updated: 2024-08-01T19:11:53.712Z

NVD

Status : Awaiting Analysis

Published: 2024-03-15T07:15:11.550

Modified: 2024-11-21T09:09:51.143

Link: CVE-2024-2483

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2483", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-03-15T00:18:23.374Z", "datePublished": "2024-03-15T07:00:06.663Z", "dateUpdated": "2024-08-26T14:58:01.143Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-03-15T07:00:06.663Z"}, "title": "Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-352", "lang": "en", "description": "CWE-352 Cross-Site Request Forgery"}]}], "affected": [{"vendor": "Surya2Developer", "product": "Hostel Management Service", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Password Change Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Surya2Developer Hostel Management Service 1.0 entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /change-password.php der Komponente Password Change Handler. Mittels Manipulieren des Arguments oldpassword mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-03-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-03-15T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-03-15T07:07:07.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "C.P. Rivera", "type": "finder"}, {"lang": "en", "value": "blackslim3 (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "blackslim3 (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.256889", "name": "VDB-256889 | Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.256889", "name": "VDB-256889 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.712Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.256889", "name": "VDB-256889 | Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.256889", "name": "VDB-256889 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md", "tags": ["exploit", "x_transferred"]}]}, {"affected": [{"vendor": "surya2developer", "product": "hostel_management_service", "cpes": ["cpe:2.3:a:surya2developer:hostel_management_service:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-15T17:13:19.678570Z", "id": "CVE-2024-2483", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T14:58:01.143Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.256889", "name": "VDB-256889 | Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.256889", "name": "VDB-256889 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.712Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2483", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-15T17:13:19.678570Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:surya2developer:hostel_management_service:*:*:*:*:*:*:*:*"], "vendor": "surya2developer", "product": "hostel_management_service", "versions": [{"status": "affected", "version": "1.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T14:57:55.496Z"}}], "cna": {"title": "Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery", "credits": [{"lang": "en", "type": "finder", "value": "C.P. Rivera"}, {"lang": "en", "type": "reporter", "value": "blackslim3 (VulDB User)"}, {"lang": "en", "type": "analyst", "value": "blackslim3 (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "affected": [{"vendor": "Surya2Developer", "modules": ["Password Change Handler"], "product": "Hostel Management Service", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2024-03-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-03-15T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-03-15T07:07:07.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.256889", "name": "VDB-256889 | Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.256889", "name": "VDB-256889 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Surya2Developer Hostel Management Service 1.0 entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /change-password.php der Komponente Password Change Handler. Mittels Manipulieren des Arguments oldpassword mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-03-15T07:00:06.663Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2483", "state": "PUBLISHED", "dateUpdated": "2024-08-26T14:58:01.143Z", "dateReserved": "2024-03-15T00:18:23.374Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-03-15T07:00:06.663Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Surya2Developer Hostel Management Service 1.0 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /change-password.php del componente Password Change Handler. La manipulaci\u00f3n del argumento contrase\u00f1a antigua conduce a cross-site request forgery. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-256889."}], "id": "CVE-2024-2483", "lastModified": "2024-11-21T09:09:51.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-03-15T07:15:11.550", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.256889"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.256889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://vuldb.com/?ctiid.256889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://vuldb.com/?id.256889"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "cna@vuldb.com", "type": "Secondary"}]}