Pirolita

**Name of the Vulnerable Software and Affected Versions** Creartia ICMS (affected versions not specified) **Description** An authorization bypass exists that allows an attacker to gain unauthorized access to protected features. This is achieved by manipulating the HTTP redirect headers during the login process, which causes the script to continue execution and enables privilege escalation without requiring credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.