CVE-2024-12666

Name of the Vulnerable Software and Affected Versions ClassCMS versions up to 4.8

Description A critical issue has been found in the User Management Page component, specifically affecting an unknown functionality of the file "/admin?do=admin:user:editPost". This issue leads to improper handling of insufficient privileges, allowing for remote attacks. The exploit has been disclosed publicly and can be used.

Recommendations For ClassCMS versions up to 4.8, as a temporary workaround, consider restricting access to the "/admin?do=admin:user:editPost" endpoint until a patch is available. Additionally, review and restrict privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.