PT-2024-36161 · Sourcecodester · Sourcecodester Simple Online Bidding System
Kaikai145154 · Published 2024-05-28 · Updated 2024-12-10
CVE-2024-5428
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
SourceCodester Simple Online Bidding System version 1.0
Description:
A problematic vulnerability was found in the SourceCodester Simple Online Bidding System, affecting the save product function of the file /admin/index.php?page=manage product in the HTTP POST Request Handler component. This vulnerability leads to cross-site request forgery and can be launched remotely.
Recommendations:
For version 1.0, consider disabling the save product function as a temporary workaround until a patch is available. Restrict access to the /admin/index.php?page=manage product endpoint to minimize the risk of exploitation. Avoid using the save product function in the affected HTTP POST Request Handler component until the issue is resolved.
Exploit
Fix
CSRF
Affected Products
Sourcecodester Simple Online Bidding System