CVE-2024-12353

Name of the Vulnerable Software and Affected Versions SourceCodester Phone Contact Manager System version 1.0

Description The issue is related to insufficient input validation, which can allow an attacker to execute arbitrary code. It affects the function UserInterface::MenuDisplayStart of the component User Menu, where the manipulation of the name argument leads to improper input validation. This requires a local attack. The exploit has been disclosed publicly.

Recommendations For version 1.0, as a temporary workaround, consider restricting access to the UserInterface::MenuDisplayStart function until a patch is available. Additionally, avoid manipulating the name argument in the User Menu component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.