Skip to main content

Engineers Online Portal CVE-2024-0349

LOW
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CWE-614)
2024-01-09 cna@vuldb.com
3.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:34 vuln.today
CVE Published
Jan 09, 2024 - 23:15 nvd
LOW 3.7

DescriptionCVE.org

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.

AnalysisAI

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-614. A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability. Affected products include: Engineers Online Portal Project Engineers Online Portal.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-5282 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-5281 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-5280 CRITICAL POC
9.8 Sep 29

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated critical sever

CVE-2023-5279 CRITICAL POC
9.8 Sep 29

A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Rated critical

CVE-2023-5278 CRITICAL POC
9.8 Sep 29

A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Rated critic

CVE-2023-5277 CRITICAL POC
9.8 Sep 29

A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0.php. Rat

CVE-2023-5276 CRITICAL POC
9.8 Sep 29

A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. Rated critical severity

CVE-2021-42670 CRITICAL POC
9.8 Nov 05

A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announ

CVE-2021-42669 CRITICAL POC
9.8 Nov 05

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which all

CVE-2021-42668 CRITICAL POC
9.8 Nov 05

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_cla

CVE-2021-42665 CRITICAL POC
9.8 Nov 05

An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of inde

CVE-2023-5284 HIGH POC
8.8 Sep 29

A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Rated high severity

Share

CVE-2024-0349 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy