Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for Online Railway Reservation System by CodeAstro
CVE-2024-7912 (GCVE-0-2024-7912)
Vulnerability from cvelistv5 – Published: 2024-08-18 21:31 – Updated: 2024-08-19 13:34
VLAI
Title
CodeAstro Online Railway Reservation System assets exposure of information through directory listing
Summary
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
5.3 (Medium)
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-548 - Exposure of Information Through Directory Listing
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275038 | vdb-entry |
| https://vuldb.com/?ctiid.275038 | signaturepermissions-required |
| https://vuldb.com/?submit.391658 | third-party-advisory |
| https://github.com/CYB84/CVE_Writeup/blob/main/On… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Railway Reservation System |
Affected:
1.0
|
|
| codeastro | online_railway_reservation_system |
Affected:
1.0
cpe:2.3:a:codeastro:online_railway_reservation_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:online_railway_reservation_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_railway_reservation_system",
"vendor": "codeastro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7912",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:33:41.928307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:34:37.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Railway Reservation System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raj Nandi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In CodeAstro Online Railway Reservation System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/assets/. Mittels dem Manipulieren mit unbekannten Daten kann eine exposure of information through directory listing-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-548",
"description": "CWE-548 Exposure of Information Through Directory Listing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-18T21:31:04.192Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275038 | CodeAstro Online Railway Reservation System assets exposure of information through directory listing",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.275038"
},
{
"name": "VDB-275038 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275038"
},
{
"name": "Submit #391658 | CodeAstro Online Railway Reservation System 1.0 Exposure of Information Through Directory Listing",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.391658"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Directory%20Listing.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-17T22:55:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Railway Reservation System assets exposure of information through directory listing"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7912",
"datePublished": "2024-08-18T21:31:04.192Z",
"dateReserved": "2024-08-17T20:49:28.182Z",
"dateUpdated": "2024-08-19T13:34:37.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7910 (GCVE-0-2024-7910)
Vulnerability from cvelistv5 – Published: 2024-08-18 18:31 – Updated: 2024-08-19 16:20
VLAI
Title
CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload
Summary
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
4.7 (Medium)
4.7 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275036 | vdb-entry |
| https://vuldb.com/?ctiid.275036 | signaturepermissions-required |
| https://vuldb.com/?submit.391650 | third-party-advisory |
| https://github.com/CYB84/CVE_Writeup/blob/main/On… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Railway Reservation System |
Affected:
1.0
|
|
| codeastro | online_railway_reservation_system |
Affected:
1.0
cpe:2.3:a:codeastro:online_railway_reservation_system:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:online_railway_reservation_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_railway_reservation_system",
"vendor": "codeastro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7910",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T16:20:08.624031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T16:20:57.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Profile Photo Update Handler"
],
"product": "Online Railway Reservation System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raj Nandi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in CodeAstro Online Railway Reservation System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/emp-profile-avatar.php der Komponente Profile Photo Update Handler. Durch die Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-18T18:31:05.801Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275036 | CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.275036"
},
{
"name": "VDB-275036 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275036"
},
{
"name": "Submit #391650 | CodeAstro Online Railway Reservation System 1.0 Unrestricted Upload of File with Dangerous Type",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.391650"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/RCE%20via%20File%20Upload.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-17T19:21:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7910",
"datePublished": "2024-08-18T18:31:05.801Z",
"dateReserved": "2024-08-17T17:16:07.329Z",
"dateUpdated": "2024-08-19T16:20:57.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7815 (GCVE-0-2024-7815)
Vulnerability from cvelistv5 – Published: 2024-08-15 04:00 – Updated: 2024-08-15 13:10
VLAI
Title
CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting
Summary
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.274711 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.274711 | signaturepermissions-required |
| https://vuldb.com/?submit.391376 | third-party-advisory |
| https://github.com/CYB84/CVE_Writeup/blob/main/On… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Railway Reservation System |
Affected:
1.0
|
|
| codeastro | online_railway_reservation_system |
Affected:
1.0
cpe:2.3:a:codeastro:online_railway_reservation_system:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:online_railway_reservation_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_railway_reservation_system",
"vendor": "codeastro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7815",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:08:34.087697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T13:10:50.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Update Employee Page"
],
"product": "Online Railway Reservation System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raj Nandi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In CodeAstro Online Railway Reservation System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /admin/admin-update-employee.php der Komponente Update Employee Page. Durch Manipulieren des Arguments emp_fname /emp_lname /emp_nat_idno/emp_addr mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T04:00:05.493Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-274711 | CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.274711"
},
{
"name": "VDB-274711 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.274711"
},
{
"name": "Submit #391376 | codeastro Online Railway Reservation System 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.391376"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-14T20:43:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7815",
"datePublished": "2024-08-15T04:00:05.493Z",
"dateReserved": "2024-08-14T18:37:59.809Z",
"dateUpdated": "2024-08-15T13:10:50.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7814 (GCVE-0-2024-7814)
Vulnerability from cvelistv5 – Published: 2024-08-15 03:31 – Updated: 2024-09-03 18:04
VLAI
Title
CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.274710 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.274710 | signaturepermissions-required |
| https://github.com/CYB84/CVE_Writeup/blob/main/On… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Railway Reservation System |
Affected:
1.0
|
|
| codeastro | online_railway_reservation_system |
Affected:
1.0
cpe:2.3:a:codeastro:online_railway_reservation_system:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:online_railway_reservation_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_railway_reservation_system",
"vendor": "codeastro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7814",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T16:11:33.749947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:04:42.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Add Employee Page"
],
"product": "Online Railway Reservation System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in CodeAstro Online Railway Reservation System 1.0 gefunden. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /admin/admin-add-employee.php der Komponente Add Employee Page. Durch das Manipulieren des Arguments emp_fname /emp_lname /emp_nat_idno/emp_addr mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T03:31:04.091Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-274710 | CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.274710"
},
{
"name": "VDB-274710 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.274710"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-14T20:43:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7814",
"datePublished": "2024-08-15T03:31:04.091Z",
"dateReserved": "2024-08-14T18:37:57.471Z",
"dateUpdated": "2024-09-03T18:04:42.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0782 (GCVE-0-2024-0782)
Vulnerability from cvelistv5 – Published: 2024-01-22 16:31 – Updated: 2024-10-21 10:53
VLAI
Title
CodeAstro Online Railway Reservation System pass-profile.php cross site scripting
Summary
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.251698 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.251698 | signaturepermissions-required |
| https://drive.google.com/drive/folders/1ecVTReqCS… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Railway Reservation System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251698"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251698"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0782",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T16:30:35.647264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T10:53:03.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Railway Reservation System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mohammed Aashique (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In CodeAstro Online Railway Reservation System 1.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei pass-profile.php. Durch das Manipulieren des Arguments First Name/Last Name/User Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T16:31:03.890Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251698"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251698"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-22T12:13:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Railway Reservation System pass-profile.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0782",
"datePublished": "2024-01-22T16:31:03.890Z",
"dateReserved": "2024-01-22T11:08:21.178Z",
"dateUpdated": "2024-10-21T10:53:03.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7912 (GCVE-0-2024-7912)
Vulnerability from nvd – Published: 2024-08-18 21:31 – Updated: 2024-08-19 13:34
VLAI
Title
CodeAstro Online Railway Reservation System assets exposure of information through directory listing
Summary
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
5.3 (Medium)
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-548 - Exposure of Information Through Directory Listing
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275038 | vdb-entry |
| https://vuldb.com/?ctiid.275038 | signaturepermissions-required |
| https://vuldb.com/?submit.391658 | third-party-advisory |
| https://github.com/CYB84/CVE_Writeup/blob/main/On… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Railway Reservation System |
Affected:
1.0
|
|
| codeastro | online_railway_reservation_system |
Affected:
1.0
cpe:2.3:a:codeastro:online_railway_reservation_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:online_railway_reservation_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_railway_reservation_system",
"vendor": "codeastro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7912",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:33:41.928307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:34:37.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Railway Reservation System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raj Nandi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In CodeAstro Online Railway Reservation System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/assets/. Mittels dem Manipulieren mit unbekannten Daten kann eine exposure of information through directory listing-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-548",
"description": "CWE-548 Exposure of Information Through Directory Listing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-18T21:31:04.192Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275038 | CodeAstro Online Railway Reservation System assets exposure of information through directory listing",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.275038"
},
{
"name": "VDB-275038 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275038"
},
{
"name": "Submit #391658 | CodeAstro Online Railway Reservation System 1.0 Exposure of Information Through Directory Listing",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.391658"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Directory%20Listing.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-17T22:55:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Railway Reservation System assets exposure of information through directory listing"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7912",
"datePublished": "2024-08-18T21:31:04.192Z",
"dateReserved": "2024-08-17T20:49:28.182Z",
"dateUpdated": "2024-08-19T13:34:37.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7910 (GCVE-0-2024-7910)
Vulnerability from nvd – Published: 2024-08-18 18:31 – Updated: 2024-08-19 16:20
VLAI
Title
CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload
Summary
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
4.7 (Medium)
4.7 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275036 | vdb-entry |
| https://vuldb.com/?ctiid.275036 | signaturepermissions-required |
| https://vuldb.com/?submit.391650 | third-party-advisory |
| https://github.com/CYB84/CVE_Writeup/blob/main/On… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Railway Reservation System |
Affected:
1.0
|
|
| codeastro | online_railway_reservation_system |
Affected:
1.0
cpe:2.3:a:codeastro:online_railway_reservation_system:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:online_railway_reservation_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_railway_reservation_system",
"vendor": "codeastro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7910",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T16:20:08.624031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T16:20:57.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Profile Photo Update Handler"
],
"product": "Online Railway Reservation System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raj Nandi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in CodeAstro Online Railway Reservation System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /admin/emp-profile-avatar.php der Komponente Profile Photo Update Handler. Durch die Manipulation mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-18T18:31:05.801Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275036 | CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.275036"
},
{
"name": "VDB-275036 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275036"
},
{
"name": "Submit #391650 | CodeAstro Online Railway Reservation System 1.0 Unrestricted Upload of File with Dangerous Type",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.391650"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/RCE%20via%20File%20Upload.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-17T19:21:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7910",
"datePublished": "2024-08-18T18:31:05.801Z",
"dateReserved": "2024-08-17T17:16:07.329Z",
"dateUpdated": "2024-08-19T16:20:57.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7815 (GCVE-0-2024-7815)
Vulnerability from nvd – Published: 2024-08-15 04:00 – Updated: 2024-08-15 13:10
VLAI
Title
CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting
Summary
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.274711 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.274711 | signaturepermissions-required |
| https://vuldb.com/?submit.391376 | third-party-advisory |
| https://github.com/CYB84/CVE_Writeup/blob/main/On… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Railway Reservation System |
Affected:
1.0
|
|
| codeastro | online_railway_reservation_system |
Affected:
1.0
cpe:2.3:a:codeastro:online_railway_reservation_system:1.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:online_railway_reservation_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_railway_reservation_system",
"vendor": "codeastro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7815",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:08:34.087697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T13:10:50.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Update Employee Page"
],
"product": "Online Railway Reservation System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raj Nandi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In CodeAstro Online Railway Reservation System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /admin/admin-update-employee.php der Komponente Update Employee Page. Durch Manipulieren des Arguments emp_fname /emp_lname /emp_nat_idno/emp_addr mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T04:00:05.493Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-274711 | CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.274711"
},
{
"name": "VDB-274711 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.274711"
},
{
"name": "Submit #391376 | codeastro Online Railway Reservation System 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.391376"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-14T20:43:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7815",
"datePublished": "2024-08-15T04:00:05.493Z",
"dateReserved": "2024-08-14T18:37:59.809Z",
"dateUpdated": "2024-08-15T13:10:50.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7814 (GCVE-0-2024-7814)
Vulnerability from nvd – Published: 2024-08-15 03:31 – Updated: 2024-09-03 18:04
VLAI
Title
CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.274710 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.274710 | signaturepermissions-required |
| https://github.com/CYB84/CVE_Writeup/blob/main/On… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Railway Reservation System |
Affected:
1.0
|
|
| codeastro | online_railway_reservation_system |
Affected:
1.0
cpe:2.3:a:codeastro:online_railway_reservation_system:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:online_railway_reservation_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "online_railway_reservation_system",
"vendor": "codeastro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7814",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T16:11:33.749947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:04:42.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Add Employee Page"
],
"product": "Online Railway Reservation System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in CodeAstro Online Railway Reservation System 1.0 gefunden. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /admin/admin-add-employee.php der Komponente Add Employee Page. Durch das Manipulieren des Arguments emp_fname /emp_lname /emp_nat_idno/emp_addr mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T03:31:04.091Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-274710 | CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.274710"
},
{
"name": "VDB-274710 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.274710"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-14T20:43:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-7814",
"datePublished": "2024-08-15T03:31:04.091Z",
"dateReserved": "2024-08-14T18:37:57.471Z",
"dateUpdated": "2024-09-03T18:04:42.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0782 (GCVE-0-2024-0782)
Vulnerability from nvd – Published: 2024-01-22 16:31 – Updated: 2024-10-21 10:53
VLAI
Title
CodeAstro Online Railway Reservation System pass-profile.php cross site scripting
Summary
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.251698 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.251698 | signaturepermissions-required |
| https://drive.google.com/drive/folders/1ecVTReqCS… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Railway Reservation System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251698"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251698"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0782",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T16:30:35.647264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T10:53:03.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Railway Reservation System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mohammed Aashique (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In CodeAstro Online Railway Reservation System 1.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei pass-profile.php. Durch das Manipulieren des Arguments First Name/Last Name/User Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T16:31:03.890Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251698"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251698"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-22T12:13:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Railway Reservation System pass-profile.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0782",
"datePublished": "2024-01-22T16:31:03.890Z",
"dateReserved": "2024-01-22T11:08:21.178Z",
"dateUpdated": "2024-10-21T10:53:03.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}