CVE-2024-40480

Name of the Vulnerable Software and Affected Versions Kashipara Online Exam System version 1.0

Description A Broken Access Control issue was found in "admin/update.php" and "admin/dashboard.php", allowing remote unauthenticated attackers to view the administrator dashboard and delete valid user accounts via direct URL access.

Recommendations For Kashipara Online Exam System version 1.0, as a temporary workaround, consider restricting access to the "admin/update.php" and "admin/dashboard.php" endpoints until a patch is available. Additionally, review and tighten access permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.