CVE-2024-3376: SourceCodester Computer Laboratory Management System config.php redirect
Description
A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259497 was assigned to this vulnerability. Es wurde eine Schwachstelle in SourceCodester Computer Laboratory Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei config.php. Durch das Manipulieren des Arguments url mit unbekannten Daten kann eine execution after redirect-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2024-3376
CVSS Base Severity: HIGH
CVSS Base Score: 7.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Problem Types
CWE-698 Execution After RedirectAffected Products
Vendor: SourceCodester
Product: Computer Laboratory Management System
Exploit Prediction Scoring System (EPSS)
EPSS Score: 1.02% (probability of being exploited)
EPSS Percentile: 74.62% (scored less or equal to compared to others)
EPSS Date: 2025-03-27 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: total
SSVC Automatable: true
References
https://nvd.nist.gov/vuln/detail/CVE-2024-3376https://vuldb.com/?id.259497
https://vuldb.com/?ctiid.259497
https://vuldb.com/?submit.311154
https://github.com/Sospiro014/zday1/blob/main/Execution_After_Redirect.md