PT-2021-16726 · Unknown · Testes De Codigo

João Varelas · Published 2021-02-16 · Updated 2023-08-08 · CVE-2021-25648

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Testes de Codigo versions 11.4 and prior

Description

The issue allows an attacker to gain access to the administrative interface and premium features by tampering with the boolean values of the isAdmin and isPremium parameters located on device storage.

Recommendations

For versions 11.4 and prior, consider restricting access to the administrative interface and premium features until a patch is available. As a temporary workaround, avoid using the isAdmin and isPremium parameters, or restrict their modification to prevent unauthorized access.

Related Identifiers

CVE-2021-25648

Affected Products

Testes De Codigo