Paul Rivera

3 exploits Active since Mar 2024
CVE-2024-2481 WRITEUP MEDIUM WRITEUP
Surya2Developer Hostel Management System 1.0 - Info Disclosure
A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability.
CVSS 6.5
CVE-2024-2482 WRITEUP LOW WRITEUP
Surya2Developer Hostel Management Service 1.0 - Info Disclosure
A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891.
CVSS 3.7
CVE-2024-2483 WRITEUP MEDIUM WRITEUP
Surya2Developer Hostel Management Service 1.0 - CSRF
A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability.
CVSS 4.3