PT-2023-19732 · Unknown · Bludit Cms

Published: 2023-09-01 · Updated: 2023-09-07 · CVE-2023-24674

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Bludit CMS version 4.0.0

Description: A permissions issue allows local attackers to escalate privileges via the role:admin parameter. This issue can be exploited by attackers to gain elevated access.

Recommendations: For Bludit CMS version 4.0.0, avoid using the role:admin parameter until a fix is available. As a temporary workaround, consider restricting access to administrative roles to minimize the risk of exploitation.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-24674

Affected Products

Bludit Cms