{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-12354","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-12-08T17:08:42.498Z","datePublished":"2024-12-09T01:31:05.768Z","dateUpdated":"2024-12-09T20:12:30.989Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-12-09T01:31:05.768Z"},"title":"SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"Buffer Overflow"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"SourceCodester","product":"Phone Contact Manager System","versions":[{"version":"1.0","status":"affected"}],"modules":["User Menu"]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine Schwachstelle in SourceCodester Phone Contact Manager System 1.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion UserInterface::MenuDisplayStart der Komponente User Menu. Durch das Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":4.8,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":5.3,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.3,"vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4.3,"vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-12-08T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-12-08T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-12-08T18:13:56.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Jason huibin wong (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.287274","name":"VDB-287274 | SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.287274","name":"VDB-287274 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.457477","name":"Submit #457477 | SourceCodester Phone Contact Manager System V1.0 Improper Input Validation","tags":["third-party-advisory"]},{"url":"https://github.com/jasontimwong/CVE/issues/2","tags":["exploit","issue-tracking"]},{"url":"https://www.sourcecodester.com/","tags":["product"]}]},"adp":[{"affected":[{"vendor":"sourcecodester","product":"phone_shop_sales_managements_system_using_php_with_source_code","cpes":["cpe:2.3:a:sourcecodester:phone_shop_sales_managements_system_using_php_with_source_code:1.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-09T20:11:49.752135Z","id":"CVE-2024-12354","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-09T20:12:30.989Z"}}]}}