github - ghsa-m8vf-vpr3-f452

ghsa-m8vf-vpr3-f452

Vulnerability from github

Published

2024-09-07 15:30

Modified

2024-09-07 15:30

Severity

4.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6.9 (Medium) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Details

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-8555"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-07T15:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-m8vf-vpr3-f452",
  "modified": "2024-09-07T15:30:30Z",
  "published": "2024-09-07T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8555"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic\u0027s-Patient-Management-System-Open-Redirect.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.276774"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.276774"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.402386"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

cve-2024-8555

Vulnerability from cvelistv5

Published

2024-09-07 14:31

Modified

2024-09-09 15:13

Severity

6.9 (Medium) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

SourceCodester Clinics Patient Management System congratulations.php redirect

References

URL	Tags
https://vuldb.com/?id.276774	vdb-entry, technical-description
https://vuldb.com/?ctiid.276774	signature, permissions-required
https://vuldb.com/?submit.402386	third-party-advisory
https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Clinic's-Patient-Management-System-Open-Redirect.md	exploit
https://www.sourcecodester.com/	product

Impacted products

Vendor	Product
SourceCodester	Clinics Patient Management System

Show details on NVD website