PT-2022-17032 · Unknown · Jqueryform
Paul Bisso · Published 2022-02-16 · Updated 2023-08-08 · CVE-2022-24985
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
JQueryForm.com versions prior to 2022-02-05
Description
The issue allows a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is particularly relevant when an organization hosts multiple forms on their server.
Recommendations
For versions prior to 2022-02-05, consider restricting access to the administrative section of forms until a fix is applied, and ensure that each form's authentication is properly configured to prevent unauthorized access.
Fix
Related Identifiers
Affected Products
Jqueryform