PT-2024-24454 · Unknown · Sourcecodester Online Medicine Ordering System
Jixin Zhang +1 · Published 2024-06-10 · Updated 2024-08-01 · CVE-2024-32167
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sourcecodester Online Medicine Ordering System version 1.0
Description
A function in the backend settings, originally intended for deleting pictures, can delete any file, which allows arbitrary file deletion.
Recommendations
For Sourcecodester Online Medicine Ordering System version 1.0, consider restricting access to the file deletion function in the backend settings to minimize the risk of exploitation. As a temporary workaround, limit the ability to delete files to only necessary personnel or roles until a more permanent fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Sourcecodester Online Medicine Ordering System