漏洞详情: CVE-2024-5097

漏洞标题
SourceCodester Simple Inventory System tableedit.php#page=editprice cross-site request forgery
来源:NVD
Simple Inventory System 跨站请求伪造漏洞
来源:CNNVD
SourceCodester 简易库存系统 tableedit.php#page=editprice 跨站请求伪造
来源:神龙机器人
漏洞描述
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265080.
来源:NVD
Simple Inventory System是argie个人开发者的一个简单库存系统。 SourceCodester Simple Inventory System 1.0版本存在跨站请求伪造漏洞,该漏洞源于文件/tableedit.php#page=editprice的参数itemnumber会导致跨站请求伪造。
来源:CNNVD
在SourceCodester Simple Inventory System 1.0中发现了一个被归类为有问题的漏洞。受到影响的是文件 /tableedit.php#page=editprice中的一个未知函数。通过操纵参数itemnumber,可以导致跨站请求伪造(Cross-site Request Forgery, CSRF)。该攻击可以远程执行。漏洞已经被公开披露,并可能被利用。该漏洞的标识为VDB-265080。
来源:神龙机器人
漏洞评分(CVSS)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
来源:NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
来源:神龙机器人, 准确率:8/8 = 100.00%
漏洞类别
跨站请求伪造(CSRF)
来源:NVD
跨站请求伪造
来源:CNNVD
相关链接