PT-2024-34632 · Unknown · Online Diagnostic Lab Management System Using Php
Black-Scorp10 · Published 2024-10-31 · Updated 2024-11-01 · CVE-2024-51430
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
online diagnostic lab management system using php version 1.0
Description
The issue is a Cross-Site Scripting (XSS) vulnerability. It allows a remote attacker to execute arbitrary code via the Test Name parameter on the "diagnostic/add-test.php" component. This can potentially lead to the execution of malicious scripts.
Recommendations
For online diagnostic lab management system using php version 1.0, consider disabling the Test Name parameter in the "diagnostic/add-test.php" component until a patch is available. Restrict access to the "diagnostic/add-test.php" component to minimize the risk of exploitation. Avoid using the Test Name parameter in the affected component until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Online Diagnostic Lab Management System Using Php