A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view the administrator dashboard and delete valid user accounts via direct URL access.
History

Wed, 21 Aug 2024 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Kashipara
Kashipara online Exam System
Weaknesses CWE-284
CPEs cpe:2.3:a:kashipara:online_exam_system:1.0:*:*:*:*:*:*:*
Vendors & Products Kashipara
Kashipara online Exam System
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 15 Aug 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Jayesh
Jayesh online Exam System
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:jayesh:online_exam_system:1.0:*:*:*:*:*:*:*
Vendors & Products Jayesh
Jayesh online Exam System
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 09 Aug 2024 16:15:00 +0000

Type Values Removed Values Added
Description A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view the administrator dashboard and delete valid user accounts via direct URL access.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-09T00:00:00

Updated: 2024-08-21T20:30:47.533Z

Reserved: 2024-07-05T00:00:00

Link: CVE-2024-40480

Vulnrichment

Updated: 2024-08-21T20:29:50.975Z

NVD

Status: Modified

Published: 2024-08-12T13:38:29.003

Modified: 2024-08-21T21:35:08.270

Link: CVE-2024-40480

Redhat

No data.