CVE-2024-8216 | nafisulbari/itsourcecode Insurance Management System 1.0 Payment editPayment.php recipt_no access control

Posted by Angelo Barbosa | Aug 27, 2024 | CVE

A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument recipt_no leads to improper access controls.

This vulnerability is handled as CVE-2024-8216. The attack may be launched remotely. There is no exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-8216 | nafisulbari/itsourcecode Insurance Management System 1.0 Payment editPayment.php recipt_no access control

Related Posts

CVE-2022-28656 | Canonical Apport up to 2.20.x is_closing_session resource consumption (USN-5427-1)

CVE-2024-37036 | Schneider Electric Sage 4400 up to C3414-500-S02K5_P8 POST Request out-of-bounds write (SEVD-2024-163-05)

CVE-2024-23148 | Autodesk AutoCAD/Advance Steel and Civil 3D 2024 CATPRODUCT File CC5Dll.dll memory corruption

CVE-2024-42356 | Shopware up to 6.5.8.12/6.6.5.0 context special elements used in a template engine (GHSA-35jp-8cgg-p4wj)