CVE-2024-2577

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 18, 2024

Updated: May 17, 2024

CWE ID 401

Summary

CVE-2024-2577 is a newly disclosed critical vulnerability in the SourceCodester Employee Task Management System 1.0. This issue resides in unknown code within the /update-employee.php file, enabling an attacker to bypass authorization checks through manipulation of the admin_id argument. The vulnerability can be exploited remotely, and the exploit has already been made public, increasing the threat to affected systems. Organizations using this software are urged to apply the necessary patches as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ufTa4m
https://www.cve.org/CVERecord?id=CVE-2024-2577
https://nvd.nist.gov/vuln/detail/CVE-2024-2577

Back to Vulnerability Database

CVE-2024-2577

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations