CVE-2024-8558
Published: 07 September 2024
Summary
CVE-2024-8558 is a medium-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Oretnom23 Food Ordering Management System. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49262
Vulnerability details
A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. This vulnerability affects unknown code of the file /foms/routers/place-order.php of the component Price Handler. The manipulation of the argument total leads to improper validation of specified…
more
quantity in input. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables exploitation of a public-facing web application (T1190) via improper validation of the 'total' parameter in place-order.php, allowing unrestricted amount modification in payment data packets, which facilitates financial theft (T1657) by underpaying or manipulating order costs.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.