Lucene search

[email protected]NVD:CVE-2024-40476

HistoryAug 12, 2024 - 1:38 p.m.

CVE-2024-40476

2024-08-1213:38:28

CWE-352

[email protected]

web.nvd.nist.gov

csrf

vulnerability

sourcecodester

house rental management system

attacker

tenant data manipulation

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.8%

JSON

A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data via a crafted HTML page, as demonstrated by a Delete Tenant action at the /rental/ajax.php?action=delete_tenant.

Affected configurations

Nvd

Node

mayurikbest_house_rental_managementMatch1.0

VendorProductVersionCPE
mayurikbest_house_rental_management1.0cpe:2.3:a:mayurik:best_house_rental_management:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mayurik	best_house_rental_management	1.0	cpe:2.3:a:mayurik:best_house_rental_management:1.0:::::::*

References

github.com/takekaramey/CVE_Writeup/blob/main/Sourcecodester/Best%20House%20Rental%20Management%20System%20v1.0/CSRF.pdf

www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.8%

JSON

Related for NVD:CVE-2024-40476

vulnrichment1 cve1 cvelist1