PT-2024-20255 · Sourcecodester · Sourcecodester Workout Journal App
Published
2024-03-20
·
Updated
2025-04-23
·
CVE-2024-24050
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sourcecodester Workout Journal App version 1.0
Description
The issue allows attackers to run arbitrary code via the firstname and lastname parameters of the "/add-user.php" API endpoint, potentially leading to security breaches.
Recommendations
For Sourcecodester Workout Journal App version 1.0, validate and sanitize user input for the firstname and lastname parameters of the "/add-user.php" endpoint to prevent arbitrary code execution. As a temporary workaround, restrict access to the "/add-user.php" endpoint until a proper fix is applied.
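The following is an added illustration of that recommendation, written for this entry and not taken from the Workout Journal App's own add-user.php. It shows a handler that allowlist-validates the firstname and lastname parameters, stores the validated value unchanged, and HTML-encodes it at the point of output; the length limit, the accepted character set, and the table and column names are assumptions.

```php
<?php
// Added example, not the Workout Journal App's code. Parameter names
// (firstname, lastname) come from the advisory; the validation policy,
// the users table and the DSN are assumptions for illustration.
declare(strict_types=1);

const NAME_MAX_LEN = 50; // assumed limit

/**
 * Allowlist validation for a person-name parameter: must start with a
 * letter and contain only Unicode letters, spaces, hyphens or apostrophes,
 * at most NAME_MAX_LEN characters. Returns the trimmed value, or null when
 * the input is rejected. Markup characters (<, >, ", &, /) never pass.
 */
function validate_name(?string $value): ?string
{
    if ($value === null) {
        return null;
    }
    $value = trim($value);
    // {0,N-1} bounds the length in characters (not bytes) thanks to /u.
    $pattern = sprintf('/^\p{L}[\p{L} \-\']{0,%d}\z/u', NAME_MAX_LEN - 1);
    if (preg_match($pattern, $value) !== 1) {
        return null;
    }
    return $value;
}

/**
 * Encode for an HTML text/attribute context. Apply at output time on every
 * page that renders the stored name, not once at storage time.
 */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// ---- request handling ----
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

$firstname = validate_name($_POST['firstname'] ?? null);
$lastname  = validate_name($_POST['lastname'] ?? null);

if ($firstname === null || $lastname === null) {
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    echo 'firstname and lastname must be 1-' . NAME_MAX_LEN
        . " letters, spaces, hyphens or apostrophes.\n";
    exit;
}

// Store the validated value with a bound parameter so it can never be
// interpreted as SQL either. DSN and schema are placeholders.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE IF NOT EXISTS users (firstname TEXT NOT NULL, lastname TEXT NOT NULL)');
$stmt = $pdo->prepare('INSERT INTO users (firstname, lastname) VALUES (:f, :l)');
$stmt->execute([':f' => $firstname, ':l' => $lastname]);

// Render: every dynamic value goes through h() at the point of output, and a
// restrictive CSP limits the impact should any encoding step be missed.
header('Content-Type: text/html; charset=utf-8');
header("Content-Security-Policy: default-src 'self'");
echo '<p>Added user ' . h($firstname) . ' ' . h($lastname) . "</p>\n";
```

Two points matter more than the exact regex. First, validation on input and encoding on output are separate controls: the allowlist keeps markup out of the database, but any page that later displays a name must still call an encoder such as htmlspecialchars() for its context, because the same value may be rendered inside an attribute or a script block where a text-context rule does not hold. Second, do not "sanitize" by stripping tags and storing the result; store what was validated and encode wherever it is shown, so a future template change cannot reintroduce the issue.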
Weakness Enumeration
XSS
Related Identifiers
Affected Products
Sourcecodester Workout Journal App