CVE-2024-32167
Published: 10 June 2024
Summary
CVE-2024-32167 is a critical-severity vulnerability of unspecified weakness type in Oretnom23 Online Medicine Ordering System. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004). It ranks at the 35.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-29986
Vulnerability details
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to arbitrary file deletion: the picture-deletion function in the backend settings can be used to delete any file.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The arbitrary file deletion vulnerability enables adversaries to perform file deletion for indicator removal (T1070.004, T1107) and data destruction (T1485).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.