{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-8414","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-09-04T09:50:06.165Z","datePublished":"2024-09-04T16:31:05.409Z","dateUpdated":"2024-09-04T17:33:08.904Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-09-04T16:31:05.409Z"},"title":"SourceCodester Insurance Management System cross-site request forgery","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-352","lang":"en","description":"CWE-352 Cross-Site Request Forgery"}]}],"affected":[{"vendor":"SourceCodester","product":"Insurance Management System","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"In SourceCodester Insurance Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion. Durch Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N"}}],"timeline":[{"time":"2024-09-04T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-09-04T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-09-04T11:55:15.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Kartikj.infosec (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.276493","name":"VDB-276493 | SourceCodester Insurance Management System cross-site request forgery","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.276493","name":"VDB-276493 | CTI Indicators (IOB, IOC)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.402344","name":"Submit #402344 | SourceCodester Insurance Management System PHP and MySQL 1.0 CSRF","tags":["third-party-advisory"]},{"url":"https://drive.google.com/file/d/1LMkTt5gbVXnRB9m9o2MdgB1S0fsSAvGL/view","tags":["exploit"]},{"url":"https://www.sourcecodester.com/","tags":["product"]}]},"adp":[{"affected":[{"vendor":"sourcecodester","product":"insurance_management_system","cpes":["cpe:2.3:a:sourcecodester:insurance_management_system:1.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-04T17:32:32.548857Z","id":"CVE-2024-8414","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-04T17:33:08.904Z"}}]}}