VDB-290816 · CVE-2024-13211 · GCVE-100-290816

SingMR HouseRent 1.0 AdminController.java विशेषाधिकार वाढीचे प्रमाण वाढले

एक कमकुवतपणा जो गंभीर म्हणून वर्गीकृत केला आहे, तो SingMR HouseRent 1.0 मध्ये आढळून आला आहे. या ठिकाणी परिणाम झाला आहे अज्ञात फंक्शन फाइल src/main/java/com/house/wym/controller/AdminController.java च्या. सॉफ्टवेअरमध्ये केलेले बदल विशेषाधिकार वाढीचे प्रमाण वाढले यास कारणीभूत ठरतात. समस्या जाहीर करण्यासाठी CWE वापरल्यास CWE-284 येथे नेले जाते. ही कमतरता प्रसिद्ध करण्यात आली होती 08/01/2025 म्हणून Unauthorized access to HouseRent exists #12. डाउनलोडसाठी सल्ला github.com वर शेअर केला आहे. ही दुर्बलता CVE-2024-13211 म्हणून ओळखली जाते. दूरवरून हा हल्ला घडवून आणता येतो. तांत्रिक तपशील दिलेले आहेत. यासाठी एक एक्स्प्लॉइट उपलब्ध आहे. शोषण सार्वजनिकपणे जाहीर झाले आहे आणि त्याचा वापर होऊ शकतो. सध्या USD $0-$5k इतका असू शकतो. MITRE ATT&CK प्रकल्प T1068 हल्ला तंत्रज्ञान म्हणून घोषित करतो. प्रूफ-ऑफ-कॉन्सेप्ट म्हणून हे घोषित केले गेले आहे. शोषण डाउनलोडसाठी github.com येथे शेअर केले आहे. 0-डे म्हणून त्याची अंदाजे भूमिगत किंमत $0-$5k होती. If you want to get best quality of vulnerability data, you may have to visit VulDB.

4 बदल · 97 डेटा पॉइंट्स

शेत	तयार केली 08/01/2025 05:59 PM	अद्ययावत 1/3 09/01/2025 01:53 PM	अद्ययावत 2/3 09/01/2025 02:56 PM	अद्ययावत 3/3 15/10/2025 11:09 PM
software_vendor	SingMR	SingMR	SingMR	SingMR
software_name	HouseRent	HouseRent	HouseRent	HouseRent
software_version	1.0	1.0	1.0	1.0
software_file	src/main/java/com/house/wym/controller/AdminController.java	src/main/java/com/house/wym/controller/AdminController.java	src/main/java/com/house/wym/controller/AdminController.java	src/main/java/com/house/wym/controller/AdminController.java
vulnerability_cwe	CWE-284 (विशेषाधिकार वाढीचे प्रमाण वाढले)	CWE-284 (विशेषाधिकार वाढीचे प्रमाण वाढले)	CWE-284 (विशेषाधिकार वाढीचे प्रमाण वाढले)	CWE-284 (विशेषाधिकार वाढीचे प्रमाण वाढले)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_identifier	Unauthorized access to HouseRent exists #12	Unauthorized access to HouseRent exists #12	Unauthorized access to HouseRent exists #12	Unauthorized access to HouseRent exists #12
advisory_url	https://github.com/SingMR/HouseRent/issues/12	https://github.com/SingMR/HouseRent/issues/12	https://github.com/SingMR/HouseRent/issues/12	https://github.com/SingMR/HouseRent/issues/12
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/SingMR/HouseRent/issues/12#issue-2762124045	https://github.com/SingMR/HouseRent/issues/12#issue-2762124045	https://github.com/SingMR/HouseRent/issues/12#issue-2762124045	https://github.com/SingMR/HouseRent/issues/12#issue-2762124045
source_cve	CVE-2024-13211	CVE-2024-13211	CVE-2024-13211	CVE-2024-13211
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	7.1
cvss3_meta_tempscore	5.7	6.0	6.0	6.9
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1736290800 (08/01/2025)	1736290800 (08/01/2025)	1736290800 (08/01/2025)	1736290800 (08/01/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cve_nvd_summary		A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		L	L	L
cvss4_cna_vi		L	L	L
cvss4_cna_va		L	L	L
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.3	5.3	5.3
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		L	L	L
cvss3_cna_i		L	L	L
cvss3_cna_a		L	L	L
cvss3_cna_basescore		6.3	6.3	6.3
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		P	P	P
cvss2_cna_ii		P	P	P
cvss2_cna_ai		P	P	P
cvss2_cna_basescore		6.5	6.5	6.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad en SingMR HouseRent 1.0. Se ha calificado como crítica. Este problema afecta a algunas funciones desconocidas del archivo src/main/java/com/house/wym/controller/AdminController.java. La manipulación conduce a controles de acceso inadecuados. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse.	Se ha encontrado una vulnerabilidad en SingMR HouseRent 1.0. Se ha calificado como crítica. Este problema afecta a algunas funciones desconocidas del archivo src/main/java/com/house/wym/controller/AdminController.java. La manipulación conduce a controles de acceso inadecuados. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.8

◂ मागील बाजूस सिंहावलोकन पुढील ▸

Interested in the pricing of exploits?

See the underground prices here!