PT-2023-19732 · Unknown · Bludit Cms
Publicado
2023-09-01
·
Atualizado
2023-09-07
·
CVE-2023-24674
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Bludit CMS version 4.0.0
Description
A permissions issue allows local attackers to escalate privileges via the
role:admin parameter. This issue can be exploited by attackers to gain elevated access.Recommendations
For Bludit CMS version 4.0.0, avoid using the
role:admin parameter until a fix is available. As a temporary workaround, consider restricting access to administrative roles to minimize the risk of exploitation.Exploit
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bludit Cms