CVE-2024-2064

A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379.

CVSS v3.0 4.3 MEDIUM

4.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md	Exploit Third Party Advisory
https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.255379	Permissions Required
https://vuldb.com/?ctiid.255379	Permissions Required
https://vuldb.com/?id.255379	Permissions Required
https://vuldb.com/?id.255379	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:rahman:selectcours:1.0:*:*:*:*:*:*:*

History

12 Dec 2024, 14:55

Type	Values Removed	Values Added
References	~~() https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md -~~	() https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?id.255379 -~~	() https://vuldb.com/?id.255379 - Permissions Required
References	~~() https://vuldb.com/?ctiid.255379 -~~	() https://vuldb.com/?ctiid.255379 - Permissions Required
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CPE		cpe:2.3:a:rahman:selectcours:1.0:::::::*
First Time		Rahman selectcours Rahman

01 Mar 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-01 14:15

Updated : 2024-12-12 14:55

NVD link : CVE-2024-2064

Mitre link : CVE-2024-2064

JSON object : View

Products Affected

rahman

selectcours

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md", "name": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md", "name": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.255379", "name": "VDB-255379 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.255379", "name": "VDB-255379 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?id.255379", "name": "VDB-255379 | rahman SelectCours Template CacheController.java getCacheNames injection", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?id.255379", "name": "VDB-255379 | rahman SelectCours Template CacheController.java getCacheNames injection", "tags": ["Permissions Required"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-2064", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2024-03-01T14:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rahman:selectcours:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-12-12T14:55Z"}