CodeAstro Internet Banking System up to 1.0 Profile Picture pages_account.php unrestricted upload

EntryDiffrelatejsonxmlCTI

A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The CWE definition for the vulnerability is CWE-434. The weakness was shared 01/02/2024. The advisory is shared at drive.google.com. The identification of this vulnerability is CVE-2024-0194. The attack may be initiated remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1608.002 for this issue. It is declared as proof-of-concept. The exploit is available at drive.google.com. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

1	48

Field

vulnerability_cvss3_meta_tempscore	2
vulnerability_cvss3_meta_basescore	2
vulnerability_cvss3_cna_basescore	1
vulnerability_cvss3_nvd_basescore	1
vulnerability_cvss2_nvd_basescore	1

Commit Conf

90%	37
70%	25
50%	10

Approve Conf

90%	37
70%	25
80%	10

72 Commits

ID	Commited	User	Field	Change	Remarks	Accepted	Status	C
15424523	01/22/2024	VulD...	cvss3_cna_basescore	6.3	see CVSS documentation	01/22/2024	accepted	90
15424522	01/22/2024	VulD...	cvss3_nvd_basescore	9.8	nist.gov	01/22/2024	accepted	90
15424521	01/22/2024	VulD...	cvss2_nvd_basescore	6.5	nist.gov	01/22/2024	accepted	90
15424520	01/22/2024	VulD...	cvss3_meta_tempscore	7.3	see CVSS documentation	01/22/2024	accepted	90
15424519	01/22/2024	VulD...	cvss3_meta_basescore	7.5	see CVSS documentation	01/22/2024	accepted	90
15424518	01/22/2024	VulD...	cve_cna	VulDB	nvd.nist.gov	01/22/2024	accepted	70
15424517	01/22/2024	VulD...	cvss3_cna_a	L	nvd.nist.gov	01/22/2024	accepted	70
15424516	01/22/2024	VulD...	cvss3_cna_i	L	nvd.nist.gov	01/22/2024	accepted	70
15424515	01/22/2024	VulD...	cvss3_cna_c	L	nvd.nist.gov	01/22/2024	accepted	70
15424514	01/22/2024	VulD...	cvss3_cna_s	U	nvd.nist.gov	01/22/2024	accepted	70
15424513	01/22/2024	VulD...	cvss3_cna_ui	N	nvd.nist.gov	01/22/2024	accepted	70
15424512	01/22/2024	VulD...	cvss3_cna_pr	L	nvd.nist.gov	01/22/2024	accepted	70
15424511	01/22/2024	VulD...	cvss3_cna_ac	L	nvd.nist.gov	01/22/2024	accepted	70
15424510	01/22/2024	VulD...	cvss3_cna_av	N	nvd.nist.gov	01/22/2024	accepted	70
15424509	01/22/2024	VulD...	cvss2_nvd_ai	P	nvd.nist.gov	01/22/2024	accepted	70
15424508	01/22/2024	VulD...	cvss2_nvd_ii	P	nvd.nist.gov	01/22/2024	accepted	70
15424507	01/22/2024	VulD...	cvss2_nvd_ci	P	nvd.nist.gov	01/22/2024	accepted	70
15424506	01/22/2024	VulD...	cvss2_nvd_au	S	nvd.nist.gov	01/22/2024	accepted	70
15424505	01/22/2024	VulD...	cvss2_nvd_ac	L	nvd.nist.gov	01/22/2024	accepted	70
15424504	01/22/2024	VulD...	cvss2_nvd_av	N	nvd.nist.gov	01/22/2024	accepted	70

52 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 52 results.

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!