Vulnerabilities > CVE-2024-40480 - Unspecified vulnerability in Jayesh Online Exam System 1.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jayesh

critical

NVD

Published: 2024-08-12

Updated: 2024-08-21

Summary

A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.

Vulnerable Configurations

Part	Description	Count
Application	Jayesh Jayesh Online Exam System 1.0	1

References

https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download
https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Broken%20Access%20Control%20-%20Admin%20Dashboard%20and%20User%20Deletion.pdf