CVE-2024-12353
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Dec 9, 2024
Updated: Dec 10, 2024
CWE ID 20
Summary
CVE-2024-12353 is a newly disclosed vulnerability affecting the SourceCodester Phone Contact Manager System 1.0. The issue lies within the UserInterface::MenuDisplayStart function of the User Menu component, where input validation is found to be insufficient. An attacker can exploit this vulnerability by manipulating the argument name, leading to improper processing. This vulnerability requires local access and the exploit has been made public.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share