PT-2024-31891 · Unknown · Openvidreview
Published 2024-11-27 · Updated 2025-05-15
CVE-2024-46054
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenVidReview version 1.0
Description
The issue concerns incorrect access control. Specifically, the "/upload" API endpoint is accessible without authentication, allowing any user to upload files.
Recommendations
For OpenVidReview version 1.0, consider restricting the "/upload" endpoint so that it requires authentication before accepting file uploads. As a temporary workaround, disabling the upload functionality until a proper fix is implemented can help minimize the risk of exploitation.
Exploit
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Openvidreview