FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-2155

External Control of File Name or Path (CWE-73)

Published: Mar 4, 2024 / Updated: 8mo ago

010
CVSS 4.3EPSS 0.05%Medium
CVE info copied to clipboard

A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-2155

Mar 3, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-2155. See article

Mar 4, 2024 at 1:21 AM / National Vulnerability Database
EPSS

EPSS Score was set to: 0.05% (Percentile: 12.5%)

Mar 4, 2024 at 3:21 PM
Static CVE Timeline Graph

Affected Systems

Best_pos_management_system_project/best_pos_management_system
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-13: Subverting Environment Variable Values
+null more

News

Update Tue Oct 15 06:42:07 UTC 2024
Recent Commits to cve:main / 35d
Update Tue Oct 15 06:42:07 UTC 2024
Update Tue Oct 1 06:37:51 UTC 2024
Recent Commits to cve:main / 49d
Update Tue Oct 1 06:37:51 UTC 2024
CVE-2024-2155
Vulners.com RSS Feed / 8mo
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
NA - CVE-2024-2155 - A vulnerability was found in SourceCodester...
Security-Database Alerts Monitor : Last 100 Alerts / 8mo
A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the...
CVE-2024-2155
CyberSecurityBoard.com Cyber News | RSS Feed / 8mo
A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been CVE-2024-2155 originally published on CyberSecurityBoard
See 3 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:Low
Availability Impact:None

Categories

CVSS 4.3(21798)CWE-73(152)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial