CVE-2024-12353

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 9, 2024
Updated: Dec 10, 2024
CWE ID 20

Summary

CVE-2024-12353 is a newly disclosed vulnerability affecting the SourceCodester Phone Contact Manager System 1.0. The issue lies within the UserInterface::MenuDisplayStart function of the User Menu component, where input validation is found to be insufficient. An attacker can exploit this vulnerability by manipulating the argument name, leading to improper processing. This vulnerability requires local access and the exploit has been made public.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share