Platform: php
Component: student-study-center-desk-management-system
Fixed in: 1.0.1
CVE-2024-6807 is a cross-site scripting (XSS) vulnerability in the Student Study Center Desk Management System, affecting version 1.0. It allows attackers to inject malicious scripts into the application, potentially leading to session hijacking or defacement. The vulnerability resides in the /sscdms/classes/Users.php file, where manipulation of user input fields can trigger the XSS payload. A fix is available in version 1.0.1.
An attacker can exploit this XSS vulnerability by crafting a malicious URL containing crafted input for the firstname, middlename, lastname, or username parameters of the /sscdms/classes/Users.php endpoint. When a user visits this URL, the injected script executes in their browser context, allowing the attacker to steal cookies, redirect the user to a phishing site, or modify the content of the page. The impact is primarily on user accounts within the Student Study Center Desk Management System, potentially compromising sensitive data and application functionality. While the CVSS score is LOW, the ease of exploitation and the potential for user compromise should not be underestimated.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. While no active campaigns have been definitively linked to CVE-2024-6807, the availability of public information makes it a potential target for opportunistic attackers. The vulnerability was published on 2024-07-17. It is not currently listed on CISA KEV.
Exploit Status
EPSS: 0.23% (46th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-6807 is to upgrade the Student Study Center Desk Management System to version 1.0.1, which contains the fix for this vulnerability. If upgrading is not immediately feasible, apply context-appropriate output encoding wherever the firstname, middlename, lastname, and username values handled by /sscdms/classes/Users.php are rendered into HTML, and add input validation on that endpoint as defence in depth. Web application firewalls (WAFs) can also be configured to detect and block requests containing XSS payloads aimed at this endpoint, though a WAF is a stopgap rather than a fix. Regularly review and update the application's security configuration to minimize the attack surface.
Update the Student Study Center Desk Management System to a version later than 1.0, if available, that fixes the Cross-Site Scripting (XSS) vulnerability. If no update is available, review and filter the inputs of the firstname, middlename, lastname, and username fields in the file /sscdms/classes/Users.php?f=save to prevent the injection of malicious code.
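The workaround described above, as an added PHP example that is not the project's code and does not reproduce the vulnerable Users.php: the four field names and the `f=save` action come from the advisory, while the function names, the allowed-character rules, the request shape, and the sample records are assumptions. Validation runs when a record is saved, and encoding runs when a record is rendered, so a value that bypassed validation (for example, a record stored before the fix) is still neutralised at output.

```php
<?php
// Added example (not the project's code). Field names from the advisory;
// function names, validation rules and sample data are assumptions.
declare(strict_types=1);

const NAME_FIELDS = ['firstname', 'middlename', 'lastname', 'username'];

/**
 * Input validation (defence in depth): accept a conservative character set
 * and length. Returns the trimmed value, or null when it does not conform.
 * middlename is treated as optional; the other fields are required.
 */
function validate_name_field(string $field, string $value): ?string
{
    $value = trim($value);
    if ($value === '') {
        return $field === 'middlename' ? '' : null;
    }
    if (mb_strlen($value, 'UTF-8') > 64) {
        return null;
    }
    // username: letters, digits, dot, underscore, hyphen.
    // names: Unicode letters and marks, spaces, apostrophes, hyphens.
    $pattern = $field === 'username'
        ? '/^[A-Za-z0-9._-]+$/'
        : "/^[\\p{L}\\p{M}' -]+$/u";
    return preg_match($pattern, $value) === 1 ? $value : null;
}

/**
 * Output encoding: the actual XSS defence. Every value placed into an HTML
 * body or quoted attribute is escaped at the point of output.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Handle a "save" request. Returns a result array instead of writing to a
 * database so the example runs stand-alone.
 */
function handle_save(array $request): array
{
    $errors = [];
    $clean  = [];
    foreach (NAME_FIELDS as $field) {
        $valid = validate_name_field($field, (string)($request[$field] ?? ''));
        if ($valid === null) {
            // Name the field only; never reflect the rejected value unencoded.
            $errors[] = "Invalid value for {$field}";
            continue;
        }
        $clean[$field] = $valid;
    }
    return ['ok' => $errors === [], 'errors' => $errors, 'data' => $clean];
}

/** Render one row of a users table with every cell encoded. */
function render_user_row(array $user): string
{
    $cells = array_map(
        fn(string $f): string => '<td>' . h((string)($user[$f] ?? '')) . '</td>',
        NAME_FIELDS
    );
    return '<tr>' . implode('', $cells) . '</tr>';
}

// Constructed sample save request (f=save): username carries markup
// characters and is rejected by validation.
$request = [
    'f'          => 'save',
    'firstname'  => 'Alice',
    'middlename' => '',
    'lastname'   => "O'Brien",
    'username'   => 'alice <b>',
];
$result = handle_save($request);
print_r($result);   // ok => false, errors => ["Invalid value for username"]

// Constructed legacy record that was stored before validation existed:
// output encoding still renders the markup characters inert.
$legacy = [
    'firstname'  => 'Bob',
    'middlename' => '',
    'lastname'   => 'Smith "the" <b>Builder</b>',
    'username'   => 'bsmith',
];
echo render_user_row($legacy), PHP_EOL;
// <tr><td>Bob</td><td></td><td>Smith &quot;the&quot; &lt;b&gt;Builder&lt;/b&gt;</td><td>bsmith</td></tr>
```

The design point is that `h()` is applied at every rendering site regardless of what validation did on the way in; validation narrows the accepted input, but encoding is what prevents stored or reflected values from being interpreted as HTML. Values written into JavaScript, URLs, or CSS contexts would need their own context-specific encoders rather than `htmlspecialchars`.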
CVE-2024-6807 is a cross-site scripting (XSS) vulnerability affecting Student Study Center Desk Management System version 1.0, allowing attackers to inject malicious scripts via the /sscdms/classes/Users.php endpoint.
You are affected if you are using Student Study Center Desk Management System version 1.0. Upgrade to version 1.0.1 to resolve the issue.
Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the /sscdms/classes/Users.php endpoint.
While no active campaigns have been confirmed, the public disclosure of this vulnerability increases the risk of exploitation.
Refer to the SourceCodester website or relevant security forums for the official advisory regarding CVE-2024-6807.