CVE-2024-8297: JWT Refresh Token Middleware Log Injection in Kitsada8621 Digital Library

Key Information 1. Vulnerability ID: - VDB-276072 - CVE-2024-8297 2. Affected Software: - Kitsada8621 Digital Library Management System 1.0 3. Affected File: - 4. Vulnerability Type: - JWT Refresh Token Middleware Authorization Neutralization for Logs 5. CVSS Meta Temp Score: - 5.2 6. Current Exploit Price: - $0-$5k 7. CTI Interest Score: - 2.92 8. Vulnerability Description: - The vulnerability exists in the function of Kitsada8621 Digital Library Management System 1.0. By passing unknown input to the parameter, it can lead to neutralization of logs. CWE classifies this issue as CWE-117. The product fails to properly neutralize or does not neutralize output, which impacts integrity. 9. Vulnerability Impact: - Can be exploited remotely. - Exploitation does not require any form of authentication. - Technical details are known, but no exploit tools are currently available. 10. Remediation Recommendation: - It is recommended to apply the patch to fix this issue. - The patch is available for download at . 11. Related Vulnerability IDs: - VDB-18386 - VDB-90806 - VDB-123336 - VDB-131096 Summary This vulnerability exists in the JWT Refresh Token Middleware of Kitsada8621 Digital Library Management System 1.0 and can be triggered by passing unknown input to the parameter. It may result in neutralization of logs, compromising the system's integrity. It is recommended to apply the patch to resolve this issue.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-8297: JWT Refresh Token Middleware Log Injection in Kitsada8621 Digital Library