cve-2024-8555
Vulnerability from cvelistv5
Published
2024-09-07 14:31
Modified
2024-09-09 15:13
Severity
6.9 (Medium) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
SourceCodester Clinics Patient Management System congratulations.php redirect
References
SourceURLTags
cna@vuldb.comhttps://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Open-Redirect.mdExploit, Third Party Advisory
cna@vuldb.comhttps://vuldb.com/?ctiid.276774Permissions Required, Third Party Advisory, VDB Entry
cna@vuldb.comhttps://vuldb.com/?id.276774Third Party Advisory, VDB Entry
cna@vuldb.comhttps://vuldb.com/?submit.402386Third Party Advisory, VDB Entry
cna@vuldb.comhttps://www.sourcecodester.com/Product
Impacted products
VendorProduct
SourceCodesterClinics Patient Management System
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8555",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T15:13:39.522776Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T15:13:49.072Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Clinics Patient Management System",
          "vendor": "SourceCodester",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "guru (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in SourceCodester Clinics Patient Management System 2.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei congratulations.php. Durch die Manipulation des Arguments goto_page mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 Open Redirect",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-07T14:31:04.341Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-276774 | SourceCodester Clinics Patient Management System congratulations.php redirect",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.276774"
        },
        {
          "name": "VDB-276774 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.276774"
        },
        {
          "name": "Submit #402386 | SourceCodester Clinics Patient Management System 2.0 Open Redirect",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.402386"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic\u0027s-Patient-Management-System-Open-Redirect.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.sourcecodester.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-06T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-09-06T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-09-06T23:27:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SourceCodester Clinics Patient Management System congratulations.php redirect"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-8555",
    "datePublished": "2024-09-07T14:31:04.341Z",
    "dateReserved": "2024-09-06T21:22:40.504Z",
    "dateUpdated": "2024-09-09T15:13:49.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-8555\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2024-09-07T15:15:10.420\",\"lastModified\":\"2024-09-10T13:53:11.847\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad en SourceCodester Clinics Patient Management System 2.0. Se ha clasificado como problem\u00e1tica. Se ve afectada una funci\u00f3n desconocida del archivo congratulations.php. La manipulaci\u00f3n del argumento goto_page provoca una redirecci\u00f3n abierta. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"LOW\",\"vulnerableSystemAvailability\":\"NONE\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oretnom23:clinic\\\\\u0027s_patient_management_system:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C42E685-5417-462F-8547-C6D1E64BFE26\"}]}]}],\"references\":[{\"url\":\"https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic\u0027s-Patient-Management-System-Open-Redirect.md\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.276774\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.276774\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.402386\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.sourcecodester.com/\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Product\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.