PT-2024-27130 · Ppgo Jobs · Ppgo Jobs
Published 2024-06-12 · Updated 2024-08-21 · CVE-2024-36691
CVSS v3.1: 6.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
PPGo Jobs version 2.8.0
Description
The issue is related to insecure permissions in the AdminController.AjaxSave() method, allowing authenticated attackers to arbitrarily modify users' account information.
Recommendations
For PPGo Jobs version 2.8.0, consider restricting access to the AdminController.AjaxSave() method until a patch is available to prevent arbitrary modification of users' account information.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Ppgo Jobs