github - ghsa-75r9-xh7m-qfvx

ghsa-75r9-xh7m-qfvx

Vulnerability from github

Published

2024-09-07 18:30

Modified

2024-09-07 18:30

Severity

4.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Details

A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-8558"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-07T16:15:02Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-75r9-xh7m-qfvx",
  "modified": "2024-09-07T18:30:23Z",
  "published": "2024-09-07T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8558"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Niu-zida/cve/blob/main/Payment%20loopholes.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.276778"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.276778"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.403345"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

cve-2024-8558

Vulnerability from cvelistv5

Published

2024-09-07 15:31

Modified

2024-09-09 18:20

Severity

5.3 (Medium) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

SourceCodester Food Ordering Management System Price place-order.php improper validation of specified quantity in input

References

URL	Tags
https://vuldb.com/?id.276778	vdb-entry, technical-description
https://vuldb.com/?ctiid.276778	signature, permissions-required
https://vuldb.com/?submit.403345	third-party-advisory
https://github.com/Niu-zida/cve/blob/main/Payment%20loopholes.md	exploit
https://www.sourcecodester.com/	product

Impacted products

Vendor	Product
SourceCodester	Food Ordering Management System

Show details on NVD website