CVE-2024-1823

A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://docs.qq.com/doc/DYll0ZEFKcUdGYlNr	Exploit
https://docs.qq.com/doc/DYll0ZEFKcUdGYlNr	Exploit
https://vuldb.com/?ctiid.254611	Permissions Required
https://vuldb.com/?ctiid.254611	Permissions Required
https://vuldb.com/?id.254611	Third Party Advisory
https://vuldb.com/?id.254611	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:codeastro:simple_voting_system:1.0:*:*:*:*:*:*:*

History

07 Dec 2024, 02:59

Type	Values Removed	Values Added
References	~~() https://vuldb.com/?id.254611 -~~	() https://vuldb.com/?id.254611 - Third Party Advisory
References	~~() https://vuldb.com/?ctiid.254611 -~~	() https://vuldb.com/?ctiid.254611 - Permissions Required
References	~~() https://docs.qq.com/doc/DYll0ZEFKcUdGYlNr -~~	() https://docs.qq.com/doc/DYll0ZEFKcUdGYlNr - Exploit
CPE		cpe:2.3:a:codeastro:simple_voting_system:1.0:::::::*
CWE	~~CWE-284~~	NVD-CWE-noinfo
First Time		Codeastro Codeastro simple Voting System
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3

23 Feb 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-23 16:15

Updated : 2024-12-07 02:59

NVD link : CVE-2024-1823

Mitre link : CVE-2024-1823

JSON object : View

Products Affected

codeastro

simple_voting_system

CWE

NVD-CWE-noinfo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://docs.qq.com/doc/DYll0ZEFKcUdGYlNr", "name": "https://docs.qq.com/doc/DYll0ZEFKcUdGYlNr", "tags": ["Exploit"], "refsource": ""}, {"url": "https://docs.qq.com/doc/DYll0ZEFKcUdGYlNr", "name": "https://docs.qq.com/doc/DYll0ZEFKcUdGYlNr", "tags": ["Exploit"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.254611", "name": "VDB-254611 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.254611", "name": "VDB-254611 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?id.254611", "name": "VDB-254611 | CodeAstro Simple Voting System Backend users.php access control", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?id.254611", "name": "VDB-254611 | CodeAstro Simple Voting System Backend users.php access control", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-1823", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2024-02-23T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:codeastro:simple_voting_system:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-12-07T02:59Z"}