CVE-2024-4645
CVSS 2.0 Score 4.0 of 10 (medium)
Details
Summary
CVE-2024-4645 is a recently disclosed vulnerability affecting the SourceCodester Prison Management System version 1.0. This issue is classified as a cross-site scripting (XSS) vulnerability, which can be triggered through the manipulation of arguments in the /Admin/changepassword.php file. Specifically, the txtold_password, txtnew_password, and txtconfirm_password arguments are susceptible to XSS attacks, potentially allowing an attacker to inject malicious scripts. The exploit can be initiated remotely, making it a significant security risk. The vulnerability has been made public, increasing the likelihood of active exploitation. The Vulnerability Database has assigned the identifier VDB-263489 to this issue.