CVE-2024-42764

9.4 CRITICAL

📋 TL;DR

Kashipara Bus Ticket Reservation System v1.0 has a CSRF vulnerability in /deleteTicket.php: the endpoint performs ticket deletion without an anti-CSRF token, so an attacker can trick an authenticated user's browser into deleting tickets without the user's intent. This affects all users of the vulnerable version who have authenticated access to the ticket management interface.

💻 Affected Systems

Products:
  • Kashipara Bus Ticket Reservation System
Versions: v1.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interface deployments; requires authenticated user sessions to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could delete all tickets in the system, causing complete disruption of business operations and financial losses from canceled reservations.

🟠 Likely Case

Targeted deletion of specific tickets or batches of tickets, leading to customer complaints, operational disruption, and potential financial liability.

🟢 If Mitigated

With proper CSRF protections, no unauthorized actions can be performed even if users visit malicious pages.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well understood and easy to implement; exploitation requires the victim to be authenticated and to visit an attacker-controlled page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.kashipara.com/

Restart Required: No

Instructions:

1. Check vendor website for security updates
2. Apply any available patches
3. Implement CSRF tokens if patching not available

🔧 Temporary Workarounds

Implement CSRF Protection (applies to: all)

Add anti-CSRF tokens to all state-changing forms and validate them server-side.

SameSite Cookie Attribute (applies to: all)

Set SameSite=Strict or Lax on session cookies so the browser does not attach the session cookie to cross-site requests.
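The two workarounds above combined in one handler, as an added example (not the project's own code, which is PHP): a per-session anti-CSRF token issued with the form and checked in constant time before the deletion runs, the endpoint restricted to POST, and a session cookie emitted with HttpOnly, Secure and SameSite=Strict. The in-memory `session` dict, the `handle_delete_ticket` stand-in for /deleteTicket.php and the cookie name `PHPSESSID` (PHP's default session cookie name) are assumptions for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Dict, Optional, Tuple

# Name of the token inside the (assumed, in-memory) server-side session.
SESSION_TOKEN_KEY = "csrf_token"


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Create a random per-session token (reused for the session's lifetime).

    The value is rendered into every state-changing form as a hidden field
    and never readable by a cross-site page, which is what defeats CSRF.
    """
    if SESSION_TOKEN_KEY not in session:
        session[SESSION_TOKEN_KEY] = secrets.token_urlsafe(32)
    return session[SESSION_TOKEN_KEY]


def csrf_token_is_valid(session: Dict[str, str], submitted: Optional[str]) -> bool:
    """Compare the submitted token with the session token in constant time."""
    expected = session.get(SESSION_TOKEN_KEY)
    if not expected or not submitted:
        return False
    # Encode to bytes so compare_digest never raises on non-ASCII input.
    return hmac.compare_digest(expected.encode("utf-8"), submitted.encode("utf-8"))


def handle_delete_ticket(session: Dict[str, str], method: str,
                         form: Dict[str, str]) -> Tuple[int, str]:
    """Hardened stand-in for the /deleteTicket.php handler (assumed shape).

    Order matters: reject the wrong method, then the missing/invalid token,
    and only then look at the request's own parameters.
    """
    if method != "POST":
        return 405, "method not allowed"
    if not csrf_token_is_valid(session, form.get("csrf_token")):
        return 403, "invalid or missing CSRF token"
    ticket_id = form.get("ticket_id")
    if not ticket_id:
        return 400, "missing ticket_id"
    # The real deletion (database update) would run here.
    return 200, "ticket %s deleted" % ticket_id


def session_cookie_header(session_id: str, secure: bool = True) -> str:
    """Build the Set-Cookie value for the session cookie with CSRF-resistant attributes."""
    cookie = SimpleCookie()
    cookie["PHPSESSID"] = session_id          # assumed cookie name (PHP default)
    cookie["PHPSESSID"]["path"] = "/"
    cookie["PHPSESSID"]["httponly"] = True     # not readable from script
    cookie["PHPSESSID"]["samesite"] = "Strict" # not sent on cross-site requests
    if secure:
        cookie["PHPSESSID"]["secure"] = True   # HTTPS only
    return cookie.output(header="").strip()


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    print(handle_delete_ticket(session, "POST", {"ticket_id": "7"}))
    print(handle_delete_ticket(session, "POST", {"ticket_id": "7", "csrf_token": token}))
    print(session_cookie_header("constructed-session-id"))
```

The token alone stops the forged request, because a page on another origin cannot read it; the SameSite attribute is a second, browser-enforced layer that keeps the session cookie off cross-site POSTs even if a form somewhere is missed.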

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Restrict access to the vulnerable endpoint using network segmentation or authentication requirements

🔍 How to Verify

Check if Vulnerable:

Test whether /deleteTicket.php accepts a deletion request that carries no CSRF token while the user is authenticated

Check Version:

Check system version in admin panel or configuration files

Verify Fix Applied:

Verify that all state-changing endpoints require and validate CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple ticket-deletion requests to /deleteTicket.php from the same session
  • Unusual patterns of ticket deletions

Network Indicators:

  • Requests to /deleteTicket.php without Referer header or with external Referer
  • POST requests from unexpected origins

SIEM Query:

source="web_logs" AND uri="/deleteTicket.php" AND (referer="" OR NOT referer CONTAINS "yourdomain.com")
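The two indicators above run over a constructed access log, as an added example (not from the original advisory). It goes beyond the SIEM query in one respect: instead of a substring test on the Referer, it checks that the Referer's host is exactly the trusted host or a subdomain of it, since a substring match would accept a look-alike host such as `yourdomain.com.attacker.example`. The JSON-lines log format, the session field and the burst threshold of three deletions are assumptions; `yourdomain.com` is the placeholder from the query above.

```python
import json
from collections import Counter
from typing import Dict, List
from urllib.parse import urlsplit

TRUSTED_HOST = "yourdomain.com"   # placeholder, replace with the real site host
TARGET_URI = "/deleteTicket.php"
BURST_THRESHOLD = 3               # assumed: flag a session at this many deletions

# Constructed JSON-lines access log (not real traffic); the "session" field is assumed.
SAMPLE_LOG = """
{"ts": "2024-08-01T10:00:01Z", "session": "s1", "method": "POST", "uri": "/deleteTicket.php", "referer": "https://yourdomain.com/tickets.php", "status": 200}
{"ts": "2024-08-01T10:00:05Z", "session": "s2", "method": "POST", "uri": "/deleteTicket.php", "referer": "https://evil.example/page.html", "status": 200}
{"ts": "2024-08-01T10:00:06Z", "session": "s2", "method": "POST", "uri": "/deleteTicket.php", "referer": "https://evil.example/page.html", "status": 200}
{"ts": "2024-08-01T10:00:07Z", "session": "s2", "method": "POST", "uri": "/deleteTicket.php", "referer": "https://evil.example/page.html", "status": 200}
{"ts": "2024-08-01T10:00:09Z", "session": "s3", "method": "GET", "uri": "/deleteTicket.php", "referer": "", "status": 200}
{"ts": "2024-08-01T10:00:10Z", "session": "s1", "method": "GET", "uri": "/index.php", "referer": "https://notyourdomain.com.attacker.example/", "status": 200}
{"ts": "2024-08-01T10:00:11Z", "session": "s4", "method": "POST", "uri": "/deleteTicket.php", "referer": "https://yourdomain.com.attacker.example/", "status": 200}
"""


def referer_is_trusted(referer: str, trusted_host: str = TRUSTED_HOST) -> bool:
    """True only when the Referer's host is the trusted host or one of its subdomains.

    An empty Referer counts as untrusted (browsers strip it on some cross-site
    navigations, which is exactly the case the advisory's query flags).
    """
    if not referer:
        return False
    host = urlsplit(referer).hostname or ""
    return host == trusted_host or host.endswith("." + trusted_host)


def parse_log(text: str) -> List[Dict]:
    """Parse the JSON-lines log, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def suspicious_delete_requests(entries: List[Dict]) -> List[Dict]:
    """Network indicator: hits on the delete endpoint whose Referer is missing or cross-site."""
    return [e for e in entries
            if e["uri"] == TARGET_URI and not referer_is_trusted(e.get("referer", ""))]


def bursty_sessions(entries: List[Dict], threshold: int = BURST_THRESHOLD) -> Dict[str, int]:
    """Log indicator: sessions issuing at least `threshold` deletion requests."""
    counts = Counter(e["session"] for e in entries if e["uri"] == TARGET_URI)
    return {sess: n for sess, n in counts.items() if n >= threshold}


def run_detection(text: str = SAMPLE_LOG) -> Dict:
    """Run both indicators and return the findings for alerting."""
    entries = parse_log(text)
    return {
        "suspicious": suspicious_delete_requests(entries),
        "bursty": bursty_sessions(entries),
    }


if __name__ == "__main__":
    findings = run_detection()
    for e in findings["suspicious"]:
        print("cross-site or referer-less deletion:", e["ts"], e["session"], repr(e["referer"]))
    print("bursty sessions:", findings["bursty"])
```

On the sample log this flags session s2 three times, the Referer-less GET from s3 and the look-alike-host request from s4, while the legitimate same-site deletion from s1 and the unrelated /index.php hit are left alone; s2 is additionally reported as bursty. Referer checks are a detection aid, not a control: the header can be absent for benign reasons, so the token fix above remains the actual mitigation.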
