Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save förfalskning på begäran över webbplatsen

InträdeHistoryDiffjsonxmlCTI

En problematisksvag punkt hittades i Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Som påverkar en okänd funktion filen /Setting/change_password_save av komponenten Password Reset Handler. Manipulering en okänd ingång leder till en sårbarhet klass förfalskning på begäran över webbplatsen svag punkt. Den rådgivande finns tillgänglig för nedladdning på drive.google.com. Denna svaga punkt behandlas som CVE-2024-2277. Attacken på nätet kan. Det finns tekniska detaljer känd. Han deklarerade proof-of-concept. Den exploit kan laddas ner från drive.google.com. En möjlig åtgärd har utfärdats före och inte bara efter offentliggörandet.

Fält	07/03/2024 15:55	05/04/2024 17:27	05/04/2024 17:34
vendor	Bdtask	Bdtask	Bdtask
name	G-Prescription Gynaecology & OBS Consultation Software	G-Prescription Gynaecology & OBS Consultation Software	G-Prescription Gynaecology & OBS Consultation Software
version	1.0	1.0	1.0
component	Password Reset Handler	Password Reset Handler	Password Reset Handler
file	/Setting/change_password_save	/Setting/change_password_save	/Setting/change_password_save
cwe	352 (förfalskning på begäran över webbplatsen)	352 (förfalskning på begäran över webbplatsen)	352 (förfalskning på begäran över webbplatsen)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://drive.google.com/file/d/1SVYLzbnYzSyun79QBOsRuWuMkzyjclJM/view?usp=drivesdk	https://drive.google.com/file/d/1SVYLzbnYzSyun79QBOsRuWuMkzyjclJM/view?usp=drivesdk	https://drive.google.com/file/d/1SVYLzbnYzSyun79QBOsRuWuMkzyjclJM/view?usp=drivesdk
availability	1	1	1
publicity	1	1	1
url	https://drive.google.com/file/d/1SVYLzbnYzSyun79QBOsRuWuMkzyjclJM/view?usp=drivesdk	https://drive.google.com/file/d/1SVYLzbnYzSyun79QBOsRuWuMkzyjclJM/view?usp=drivesdk	https://drive.google.com/file/d/1SVYLzbnYzSyun79QBOsRuWuMkzyjclJM/view?usp=drivesdk
cve	CVE-2024-2277	CVE-2024-2277	CVE-2024-2277
responsible	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
date	1709766000 (07/03/2024)	1709766000 (07/03/2024)	1709766000 (07/03/2024)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9
cvss3_meta_basescore	4.3	4.3	4.3
cvss3_meta_tempscore	3.9	3.9	4.1
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1709766000 (07/03/2024)	1709766000 (07/03/2024)
cve_nvd_summary		A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256046 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256046 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_vuldb_av		N	N
cvss4_vuldb_ac		L	L
cvss4_vuldb_pr		N	N
cvss4_vuldb_vc		N	N
cvss4_vuldb_vi		L	L
cvss4_vuldb_va		N	N
cvss4_vuldb_e		P	P
cvss4_vuldb_at		N	N
cvss4_vuldb_ui		N	N
cvss4_vuldb_sc		N	N
cvss4_vuldb_si		N	N
cvss4_vuldb_sa		N	N
cvss4_vuldb_bscore		6.9	6.9
cvss4_vuldb_btscore		5.5	5.5
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			N
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss2_nvd_basescore			5.0
cvss3_cna_basescore			4.3

◂ Tidigare Översikt Nästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!