CVE-2024-5097

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published May 19, 2024

Updated: Jun 4, 2024

CWE ID 352

Summary

CVE-2024-5097 is a newly disclosed vulnerability affecting the SourceCodester Simple Inventory System 1.0. An unidentified function within the file /tableedit.php#page=editprice is the source of the issue. This vulnerability allows for cross-site request forgery (CSRF) attacks, enabling an attacker to manipulate the argument itemnumber and execute malicious actions. The exploit can be launched remotely, and the vulnerability identifier is VDB-265080. This problematic flaw has been made public, increasing the risk of potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/v_rhCJ
https://www.cve.org/CVERecord?id=CVE-2024-5097
https://nvd.nist.gov/vuln/detail/CVE-2024-5097

Back to Vulnerability Database

CVE-2024-5097

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations