PT-2024-31058 · Cemipark · Cemipark

Dariusz Goåda

Published

2024-05-09

Updated

2024-07-03

CVE-2024-4423

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CemiPark software versions 4.5, 4.7, 5.03

Description The access control in CemiPark software does not properly validate user-entered data, allowing for authentication bypass. An attacker with network access to the login panel can log in with administrator rights to the application.

Recommendations For versions 4.5, 4.7, 5.03, consider restricting access to the login panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-4423

Affected Products

Cemipark

PT-2024-31058 · Cemipark · Cemipark

CVE-2024-4423

Weakness Enumeration

Related Identifiers

Affected Products

References · 5