PT-2023-31436 · Unknown · Customer Support System
Geraldo Alcântara
·
Publicado
2023-12-20
·
Atualizado
2024-08-03
·
CVE-2023-49978
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Customer Support System version v1
Description
The issue is related to incorrect access control, allowing non-administrator users to access administrative pages and execute actions that are supposed to be reserved for administrators.
Recommendations
For Customer Support System version v1, consider restricting access to administrative pages and functions to minimize the risk of exploitation until a proper fix is implemented. As a temporary workaround, review and enforce strict access controls to ensure that only authorized users can perform administrative actions.
Exploit
Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Customer Support System