CVE-2024-32167

CRITICAL

Sourcecodester Online Medicine Ordering System 1.0 - Info Disclosure

Title source: llm

Description

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/ss122-0ss/cms/blob/main/omos.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.1

EPSS 0.0015

EPSS Percentile 35.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

Status published

Products (1)

oretnom23/online_medicine_ordering_system 1.0

Published Jun 10, 2024

Tracked Since Feb 18, 2026