Vulnerabilities > CVE-2024-9297 - Missing Authorization vulnerability in Oretnom23 Railway Reservation System 1.0

CVSS 6.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

oretnom23

CWE-862

NVD

Published: 2024-09-28

Updated: 2024-10-01

Summary

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument page with the input trains/schedules/system_info leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vulnerable Configurations

Part	Description	Count
Application	Oretnom23 Oretnom23 Railway Reservation System 1.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://vuldb.com/?id.278791
https://vuldb.com/?ctiid.278791
https://vuldb.com/?submit.412500
https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Online-Railway-Reservation-PrivEsc.md
https://www.sourcecodester.com/