PT-2024-24123 · Unknown · Insurance Management System
Published: 2024-04-26 · Updated: 2024-07-03 · CVE-2024-31502
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Insurance Management System versions 1.0.0 and earlier
Description
The issue allows a remote attacker to escalate privileges via a crafted POST request to "/admin/core/new staff".
Recommendations
For versions 1.0.0 and earlier, consider restricting access to the "/admin/core/new staff" endpoint until a patch is available.
As a temporary workaround, avoid using the "/admin/core/new staff" endpoint for new staff additions until the issue is resolved.
Weakness Enumeration
Improper Privilege Management
Affected Products
Insurance Management System