CVE-2024-2483 MEDIUM

CVE-2024-2483: Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery

Vendor Surya2Developer
Product Hostel Management Service
Weakness CWE-352 · CSRF
Published March 15, 2024
Last update August 26, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability.

Key dates

02Disclosure timeline

March 15, 2024 CVE published
August 26, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-38789 WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability CVE-2022-1761 Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF CVE-2012-10015 BestWebSoft Twitter Plugin Settings Page twitter.php twttr_settings_page cross-site request forgery CVE-2022-41996 WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability CVE-2024-49615 WordPress SafetyForms plugin <= 1.0.0 - CSRF to SQL Injection vulnerability