A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 21 Aug 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 21 Aug 2024 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Siamonhasan
Siamonhasan warehouse Inventory System
Weaknesses CWE-352
CPEs cpe:2.3:a:siamonhasan:warehouse_inventory_system:2.0:*:*:*:*:*:*:*
Vendors & Products Siamonhasan
Siamonhasan warehouse Inventory System
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Tue, 20 Aug 2024 13:15:00 +0000

Type Values Removed Values Added
Description A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-21T17:58:35.863Z

Reserved: 2024-08-05T00:00:00

Link: CVE-2024-42579

cve-icon Vulnrichment

Updated: 2024-08-21T17:58:30.669Z

cve-icon NVD

Status : Modified

Published: 2024-08-20T13:15:08.687

Modified: 2024-08-21T18:35:08.200

Link: CVE-2024-42579

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.