VDB-275924 · CVE-2024-8216 · GCVE-100-275924

nafisulbari/itsourcecode Insurance Management System 1.0 Payment editPayment.php recipt_no ବିସ୍ତାରିତ ଅଧିକାର

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame nafisulbari/itsourcecode Insurance Management System 1.0 keessatti argameera. Miidhamni argame is hojii hin beekamne faayilii editPayment.php keessa kutaa Payment Handler keessa. Wanti jijjiirame irratti recipt_no gara ବିସ୍ତାରିତ ଅଧିକାର geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-284 si geessa. Odeeffannoon kun yeroo 08/27/2024 maxxanfameera. Dogoggorri kun CVE-2024-8216 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Meeshaa balaa kana fayyadamuuf hin jirre. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ଅପରିଭାଷିତ ta’uu isaa ibsameera. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 ଆଡାପ୍ଟେସନ୍ · 81 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 08/27/2024 02:31 PM	ଅଦ୍ୟତନ 1/2 08/28/2024 04:29 PM	ଅଦ୍ୟତନ 2/2 08/29/2024 06:36 PM
software_vendor	nafisulbari/itsourcecode	nafisulbari/itsourcecode	nafisulbari/itsourcecode
software_name	Insurance Management System	Insurance Management System	Insurance Management System
software_version	1.0	1.0	1.0
software_component	Payment Handler	Payment Handler	Payment Handler
software_file	editPayment.php	editPayment.php	editPayment.php
software_argument	recipt_no	recipt_no	recipt_no
vulnerability_cwe	CWE-284 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-284 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-284 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rc	R	R	R
source_cve	CVE-2024-8216	CVE-2024-8216	CVE-2024-8216
cna_responsible	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	N	N	N
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss4_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.5	5.5	5.5
cvss2_vuldb_tempscore	5.2	5.2	5.2
cvss3_vuldb_basescore	5.4	5.4	5.4
cvss3_vuldb_tempscore	5.2	5.2	5.2
cvss3_meta_basescore	5.4	5.4	5.4
cvss3_meta_tempscore	5.2	5.3	5.3
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	5.3	5.3	5.3
advisory_date	1724709600 (08/27/2024)	1724709600 (08/27/2024)	1724709600 (08/27/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument recipt_no leads to improper access controls. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument recipt_no leads to improper access controls. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
cve_nvd_summaryes		Una vulnerabilidad fue encontrada en nafisulbari/itsourcecode Insurance Management System 1.0 y clasificada como crítica. Una función desconocida del archivo editPayment.php del componente Payment Handler es afectada por esta vulnerabilidad. La manipulación del argumento recipt_no conduce a controles de acceso inadecuados. El ataque puede lanzarse de forma remota. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.	Una vulnerabilidad fue encontrada en nafisulbari/itsourcecode Insurance Management System 1.0 y clasificada como crítica. Una función desconocida del archivo editPayment.php del componente Payment Handler es afectada por esta vulnerabilidad. La manipulación del argumento recipt_no conduce a controles de acceso inadecuados. El ataque puede lanzarse de forma remota. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		N	N
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		5.4	5.4
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		N	N
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		5.5	5.5
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			L
cvss3_nvd_a			L
cvss3_nvd_basescore			5.4

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!