Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-3774

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-31 Oct, 2022 | 00:00
Updated At-15 Apr, 2025 | 13:23
Rejected At-
Credits

SourceCodester Train Scheduler App resource injection

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:31 Oct, 2022 | 00:00
Updated At:15 Apr, 2025 | 13:23
Rejected At:
▼CVE Numbering Authority (CNA)
SourceCodester Train Scheduler App resource injection

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504.

Affected Products
Vendor
SourceCodesterSourceCodester
Product
Train Scheduler App
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-99CWE-99 Improper Control of Resource Identifiers
Type: CWE
CWE ID: CWE-99
Description: CWE-99 Improper Control of Resource Identifiers
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/rohit0x5/poc/blob/main/idor
N/A
https://vuldb.com/?id.212504
N/A
http://packetstormsecurity.com/files/169604/Train-Scheduler-App-1.0-Insecure-Direct-Object-Reference.html
N/A
Hyperlink: https://github.com/rohit0x5/poc/blob/main/idor
Resource: N/A
Hyperlink: https://vuldb.com/?id.212504
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/169604/Train-Scheduler-App-1.0-Insecure-Direct-Object-Reference.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/rohit0x5/poc/blob/main/idor
x_transferred
https://vuldb.com/?id.212504
x_transferred
http://packetstormsecurity.com/files/169604/Train-Scheduler-App-1.0-Insecure-Direct-Object-Reference.html
x_transferred
Hyperlink: https://github.com/rohit0x5/poc/blob/main/idor
Resource:
x_transferred
Hyperlink: https://vuldb.com/?id.212504
Resource:
x_transferred
Hyperlink: http://packetstormsecurity.com/files/169604/Train-Scheduler-App-1.0-Insecure-Direct-Object-Reference.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:31 Oct, 2022 | 16:15
Updated At:01 Nov, 2022 | 16:27

A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CPE Matches
train_scheduler_app_project
train_scheduler_app_project
>>train_scheduler_app>>1.0
cpe:2.3:a:train_scheduler_app_project:train_scheduler_app:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-99Primarycna@vuldb.com
CWE ID: CWE-99
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/169604/Train-Scheduler-App-1.0-Insecure-Direct-Object-Reference.htmlcna@vuldb.com
Exploit
Third Party Advisory
https://github.com/rohit0x5/poc/blob/main/idorcna@vuldb.com
Broken Link
Third Party Advisory
https://vuldb.com/?id.212504cna@vuldb.com
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/169604/Train-Scheduler-App-1.0-Insecure-Direct-Object-Reference.html
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/rohit0x5/poc/blob/main/idor
Source: cna@vuldb.com
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://vuldb.com/?id.212504
Source: cna@vuldb.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

17Records found
CVE-2025-4912
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.77% / 73.97%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 05:00
Updated-21 May, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Result Management System Image File update_student.php path traversal

A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/update_student.php of the component Image File Handler. The manipulation of the argument old_photo leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodestermunyweki
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-1599
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.68%
||
7 Day CHG~0.00%
Published-24 Feb, 2025 | 00:00
Updated-24 Feb, 2025 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Church Management Software profile_crud.php path traversal

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profile_crud.php. The manipulation of the argument old_cat_img leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-SourceCodester
Product-Best Church Management Software
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-24
Path Traversal: '../filedir'
CVE-2025-13468
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.80%
||
7 Day CHG~0.00%
Published-20 Nov, 2025 | 13:32
Updated-21 Nov, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Alumni Management System Delete admin_class.php delete_event authorization

A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/admin_class.php of the component Delete Handler. Executing manipulation of the argument ID can lead to missing authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-alumni_management_systemAlumni Management System
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-2776
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 52.32%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 11:51
Updated-15 Apr, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Gym Management System delete_user.php denial of service

A vulnerability classified as problematic has been found in SourceCodester Gym Management System. Affected is an unknown function of the file delete_user.php. The manipulation of the argument delete_user leads to denial of service. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-206172.

Action-Not Available
Vendor-Adrian MercurioSourceCodester
Product-gym_management_systemGym Management System
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1956
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.4||MEDIUM
EPSS-0.61% / 70.33%
||
7 Day CHG~0.00%
Published-08 Apr, 2023 | 10:00
Updated-02 Aug, 2024 | 06:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Computer and Laptop Store Image path traversal

A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_computer_and_laptop_storeOnline Computer and Laptop Store
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-5812
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 22:30
Updated-24 Apr, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pharmacy Product Management System POST Parameter add-sales.php logic error

A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-SourceCodester
Product-Pharmacy Product Management System
CVE-2026-5811
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 22:15
Updated-24 Apr, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Food Ordering System POST Parameter Actions.php save_product logic error

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed from remote. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodester
Product-Online Food Ordering System
CVE-2026-3761
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 5.70%
||
7 Day CHG~0.00%
Published-08 Mar, 2026 | 18:32
Updated-11 Mar, 2026 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorization

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used.

Action-Not Available
Vendor-lerouxyxchireSourceCodester
Product-client_database_management_systemClient Database Management System
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-13564
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-23 Nov, 2025 | 18:32
Updated-02 Dec, 2025 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pre-School Management System FilehelperController.php removefile denial of service

A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-kimz190SourceCodester
Product-pre-school_management_systemPre-School Management System
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-3139
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 22.80%
||
7 Day CHG~0.00%
Published-01 Apr, 2024 | 22:31
Updated-24 Jan, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Computer Laboratory Management System save_users improper authorization

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-computer_laboratory_management_systemComputer Laboratory Management Systemcomputer_laboratory_management_system
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-4898
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 56.43%
||
7 Day CHG~0.00%
Published-18 May, 2025 | 22:00
Updated-21 May, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Result Management System Logo File update_system.php unlink path traversal

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file update_system.php of the component Logo File Handler. The manipulation of the argument old_logo leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodestermunyweki
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-4720
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 58.50%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 21:00
Updated-27 May, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Result Management System drop_student.php path traversal

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodestermunyweki
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-4181
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.30%
||
7 Day CHG~0.00%
Published-06 Aug, 2023 | 08:31
Updated-02 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Free Hospital Management System for Small Practices Redirect behavioral workflow

A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-free_hospital_management_system_for_small_practicesFree Hospital Management System for Small Practices
CWE ID-CWE-841
Improper Enforcement of Behavioral Workflow
CVE-2026-10624
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.73%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 20:30
Updated-04 Jun, 2026 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Human Resource Management Employee View detailview.php resource injection

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifiers. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Human Resource Management
CWE ID-CWE-99
Improper Control of Resource Identifiers ('Resource Injection')
CVE-2026-9438
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.64%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 07:30
Updated-26 May, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
yashpokharna2555 StudentManagementSystem courseDel.php resource injection

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from remote. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-yashpokharna2555
Product-StudentManagementSystem
CWE ID-CWE-99
Improper Control of Resource Identifiers ('Resource Injection')
CVE-2025-9264
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.79%
||
7 Day CHG+0.01%
Published-20 Aug, 2025 | 23:32
Updated-11 Sep, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xuxueli xxl-job Jobs JobInfoController.java remove resource injection

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Action-Not Available
Vendor-xuxueliXuxueli
Product-xxl-jobxxl-job
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-99
Improper Control of Resource Identifiers ('Resource Injection')
CVE-2024-7437
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.99%
||
7 Day CHG~0.00%
Published-03 Aug, 2024 | 14:31
Updated-11 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SimpleMachines SMF Delete User index.php resource injection

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-simplemachinesSimpleMachinessimplemachines
Product-simple_machines_forumSMFsimple_machine_forum
CWE ID-CWE-99
Improper Control of Resource Identifiers ('Resource Injection')
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
Details not found