PT-2024-27739 · 14Finger · 14Finger
K3Ppf0R
Published 2024-07-05 · Updated 2024-07-08
CVE-2024-37768 · CVSS v3.1 9.1 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
14Finger version 1.1
Description
14Finger 1.1 exposes an administrative API endpoint, "/api/admin/user?id", that deletes the user account whose numeric id is passed in the query string. The handler acts on the supplied id without first verifying that the caller is an authenticated administrator, so an unauthenticated remote attacker (PR:N in the vector) can delete arbitrary accounts, administrator accounts included. That is why the vector scores high integrity and availability impact (I:H/A:H) with no confidentiality impact (C:N): nothing is disclosed, but accounts can be destroyed and legitimate operators locked out.
Recommendations
No fixed release was available at the time of publication. Until a patch ships, do not expose the "/api/admin/user" endpoint of 14Finger 1.1 to untrusted networks: block the path at a reverse proxy or firewall, or bind the application to localhost or an administrative VPN only. If the endpoint must stay reachable, front it with authentication so that a request is only passed to the handler when it carries a valid administrator session, and have the handler validate that the id parameter is a positive integer before any lookup or deletion takes place. Reviewing web server access logs for requests to /api/admin/user from unexpected sources will show whether the endpoint has already been probed.
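The following is an added example, not 14Finger's code: a minimal, framework-free model of an admin user-deletion endpoint, first in the shape the advisory describes (any caller can delete any id) and then hardened as the recommendation above suggests. The names Request, UserStore, parse_id, delete_user_vulnerable and delete_user_fixed are assumptions, the user table is constructed, and the DELETE method is assumed since the advisory does not state which HTTP method the endpoint uses.

```python
"""Added example (not 14Finger's code): vulnerable vs. hardened handler for
an endpoint of the form /api/admin/user?id=<n>. All names are assumptions."""
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qs, urlsplit


@dataclass
class Request:
    """Constructed stand-in for a framework request object."""
    method: str
    url: str
    # None models a request with no session cookie at all (not logged in).
    session_user: Optional[str] = None


@dataclass
class UserStore:
    """Constructed in-memory user table: username -> {"id", "is_admin"}."""
    users: dict = field(default_factory=lambda: {
        "admin": {"id": 1, "is_admin": True},
        "alice": {"id": 2, "is_admin": False},
    })

    def by_id(self, user_id):
        """Return the username for a numeric id, or None if unknown."""
        for name, rec in self.users.items():
            if rec["id"] == user_id:
                return name
        return None

    def is_admin(self, name):
        rec = self.users.get(name)
        return bool(rec and rec["is_admin"])


def parse_id(url):
    """Return the 'id' query parameter as a positive int, or None if absent/invalid."""
    raw = parse_qs(urlsplit(url).query).get("id", [""])[0]
    return int(raw) if raw.isdigit() and int(raw) > 0 else None


def delete_user_vulnerable(req, store):
    """Pattern the advisory describes: deletes whatever id is supplied,
    without checking who is asking or whether they are logged in."""
    name = store.by_id(parse_id(req.url))
    if name is None:
        return 404, "no such user"
    del store.users[name]
    return 200, "deleted " + name


def delete_user_fixed(req, store):
    """Hardened: method, session and admin role are checked before the id is
    even read; the id is integer-validated; an admin cannot delete their own
    account (a guard against locking every operator out)."""
    if req.method != "DELETE":
        return 405, "method not allowed"
    if req.session_user is None:
        return 401, "authentication required"
    if not store.is_admin(req.session_user):
        return 403, "admin role required"
    uid = parse_id(req.url)
    if uid is None:
        return 400, "id must be a positive integer"
    name = store.by_id(uid)
    if name is None:
        return 404, "no such user"
    if name == req.session_user:
        return 409, "refusing to delete own account"
    del store.users[name]
    return 200, "deleted " + name


def demo():
    """Send the same anonymous request to both handlers; returns (vuln, fixed) status codes."""
    anon = Request("DELETE", "/api/admin/user?id=1")  # no session: an unauthenticated attacker
    vuln_status, _ = delete_user_vulnerable(anon, UserStore())
    fixed_status, _ = delete_user_fixed(anon, UserStore())
    return vuln_status, fixed_status


if __name__ == "__main__":
    print(demo())  # (200, 401): the vulnerable handler deleted the admin, the fixed one refused
```

The order of checks in delete_user_fixed is deliberate: authentication and authorization are decided before the request's own data is parsed, so a malformed or hostile id never reaches the store unless an administrator sent it.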
Affected Products
14Finger