CVE-2024-55231

{"id": "CVE-2024-55231", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-12-18T22:15:07.127", "references": [{"url": "https://github.com/CV1523/CVEs/blob/main/CVE-2024-55231.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/CV1523/CVEs/blob/main/CVE-2024-55231.md", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information."}, {"lang": "es", "value": "Una vulnerabilidad de IDOR en edit-notes.php module de PHPGurukul Online Notes Sharing Management System v1.0 permite que usuarios no autorizados modifiquen notas pertenecientes a otras cuentas debido a la falta de comprobaciones de autorizaci\u00f3n. Esta falla expone datos confidenciales y permite a los atacantes alterar la informaci\u00f3n de otro usuario."}], "lastModified": "2025-03-27T16:30:14.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:online_notes_sharing_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "088DBBD2-4F1A-4AB7-A05C-B29801C7210F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}