Skip to main content

Payroll Management System CVE-2024-10371

MEDIUM
Classic Buffer Overflow (CWE-120)
2024-10-25 cna@vuldb.com
5.3
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (vuldb) · only source for this CVE.

CVSS VectorVendor: vuldb

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Oct 25, 2024 - 02:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used.

AnalysisAI

A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. Affected products include: Razormist Payroll Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2024-34833 CRITICAL POC
9.8 Jun 17

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Rated critical severity (CVSS 9.8), this vul

CVE-2022-28468 CRITICAL POC
9.8 Apr 05

Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter. Rated

CVE-2024-8567 MEDIUM POC
6.9 Sep 08

A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0.php?acti

CVE-2024-8081 MEDIUM POC
6.9 Aug 22

A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0. Rated medium severity (C

CVE-2024-37831 CRITICAL
9.8 Jun 14

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. Rat

CVE-2025-3134 MEDIUM POC
5.3 Apr 03

A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0. Rated medium sever

CVE-2025-3039 MEDIUM POC
5.3 Mar 31

A vulnerability was found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnera

CVE-2025-3038 MEDIUM POC
5.3 Mar 31

A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical.php. Rated medium se

CVE-2025-2985 MEDIUM POC
5.3 Mar 31

A vulnerability was found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnera

CVE-2025-2984 MEDIUM POC
5.3 Mar 31

A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Rated medium severi

CVE-2025-2854 MEDIUM POC
5.3 Mar 27

A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Rated medium severity (

CVE-2025-2672 MEDIUM POC
5.3 Mar 23

A vulnerability was found in code-projects Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnera

Share

CVE-2024-10371 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy