CVE-2024-6807

CVSS 3.1 Score 4.1 of 10 (medium)

Details

Published Jul 17, 2024
Updated: Aug 6, 2024
CWE ID 79

Summary

CVE-2024-6807 is a newly disclosed vulnerability affecting SourceCodester Student Study Center Desk Management System 1.0. The issue lies in the HTTP POST Request Handler component, specifically in /sscdms/classes/Users.php?f=save. Manipulating the arguments firstname, middlename, lastname, or username in an HTTP POST request leads to cross-site scripting (XSS). The vulnerability allows remote injection of script code, posing a significant security risk. The exploit has been made public, which increases the urgency for affected organizations to apply patches or other mitigations. VDB-271706 is the identifier assigned to this vulnerability.
