Skip to main content

Thinksaas CVE-2024-40455

LOW
Cross-Site Request Forgery (CSRF) (CWE-352)
2024-07-16 cve@mitre.org
2.7
CVSS 3.1 · Vendor: mitre

Severity by source

Vendor (mitre) PRIMARY
2.7 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 16, 2024 - 20:15 cve.org
LOW 2.7

DescriptionCVE.org

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.

AnalysisAI

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request. Affected products include: Thinksaas.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2024-40456 CRITICAL POC
9.8 Jul 16

ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update

CVE-2024-33101 MEDIUM POC
6.1 Apr 30

A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers

CVE-2019-16665 MEDIUM POC
6.1 Sep 21

An issue was discovered in ThinkSAAS 2.91. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable,

CVE-2024-33102 MEDIUM POC
5.4 Apr 30

A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attacker

CVE-2018-15130 MEDIUM POC
5.4 Aug 07

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. Rated medium sever

CVE-2018-15129 MEDIUM POC
5.4 Aug 07

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. Rated medium seve

CVE-2024-6942 MEDIUM POC
5.3 Jul 21

A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Rated medium severity (CVSS 5.3), th

CVE-2024-6941 MEDIUM POC
5.3 Jul 21

A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0.php. Rated medium severity (CVSS

CVE-2019-16664 MEDIUM POC
4.8 Sep 21

An issue was discovered in ThinkSAAS 2.91. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable,

Share

CVE-2024-40455 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy