An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.
History

Thu, 22 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Kashipara
Kashipara hotel Management System
Weaknesses CWE-284
CPEs cpe:2.3:a:kashipara:hotel_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Kashipara
Kashipara hotel Management System
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 22 Aug 2024 17:15:00 +0000

Type Values Removed Values Added
Description An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-22T00:00:00

Updated: 2024-08-22T19:49:31.835Z

Reserved: 2024-08-05T00:00:00

Link: CVE-2024-42775

cve-icon Vulnrichment

Updated: 2024-08-22T19:49:22.878Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-22T17:15:06.580

Modified: 2024-08-23T16:18:28.547

Link: CVE-2024-42775

cve-icon Redhat

No data.