CVE-2024-9297

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument page with the input trains/schedules/system_info leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2019-3849

MEDIUM
CVSS:6.3(Medium)

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the ...

CWE-2852019

CVE-2020-3539

MEDIUM
CVSS:6.3(Medium)

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authoriz...

CWE-2852020

CVE-2020-5250

MEDIUM
CVSS:6.3(Medium)

In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, y...

CWE-2852020

CVE-2023-2950

MEDIUM
CVSS:6.3(Medium)

Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.

CWE-2852023

CVE-2023-3574

MEDIUM
CVSS:6.3(Medium)

Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.

CWE-2852023

CVE-2024-3013

MEDIUM
CVSS:6.3(Medium)

A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue affects some unknown processing of the file /tools/test_login.php?action=register of the component User R...

CWE-2852024