PT-2024-36534 · Codeastro · Complaint Management System

Harish Kumar · Published 2024-12-18 · Updated 2024-12-26 · CVE-2024-55506

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: CodeAstro's Complaint Management System version 1.0

Description: An IDOR issue in the Complaint Management System enables an attacker to execute arbitrary code and obtain sensitive information. This is achieved via the delete.php file by modifying the id parameter.

Recommendations: For CodeAstro's Complaint Management System version 1.0, consider disabling access to the delete.php file as a temporary workaround until a patch is available. Restrict modification of the id parameter to minimize the risk of exploitation.
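
One way to enforce the restriction on the id parameter server-side is to bind every delete to the logged-in user. This is an added example, not CodeAstro's code: the complaints table, its owner_id column and the function names are assumptions, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);
// Added example, not CodeAstro's code. The complaints table, its columns and
// the function names are assumptions made for illustration.

// Constructed sample data: two users, one complaint each.
function sampleDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE complaints (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, body TEXT)');
    $db->exec("INSERT INTO complaints (id, owner_id, body) VALUES (1, 10, 'from user 10'), (2, 20, 'from user 20')");
    return $db;
}

// IDOR pattern: the row is selected by the client-supplied id alone.
function deleteById(PDO $db, string $rawId): int {
    $stmt = $db->prepare('DELETE FROM complaints WHERE id = :id');
    $stmt->execute([':id' => $rawId]);
    return $stmt->rowCount();
}

// Hardened: validate the id, then bind the delete to the session's user so
// another user's row never matches. Returns the HTTP status to send.
function deleteOwned(PDO $db, ?int $sessionUserId, string $rawId): int {
    if ($sessionUserId === null) {
        return 401; // not logged in
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400; // id is not a positive integer
    }
    $stmt = $db->prepare('DELETE FROM complaints WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $sessionUserId]);
    // Same answer for "missing" and "not yours" so ids cannot be enumerated.
    return $stmt->rowCount() === 1 ? 204 : 404;
}

$db = sampleDb();
printf("unchecked, user 10 deletes id 2: %d row(s)\n", deleteById($db, '2'));
$db = sampleDb();
printf("checked, user 10 deletes id 2: HTTP %d\n", deleteOwned($db, 10, '2'));
printf("checked, user 10 deletes id 1: HTTP %d\n", deleteOwned($db, 10, '1'));
printf("checked, malformed id '2x': HTTP %d\n", deleteOwned($db, 10, '2x'));
```

The owner comes from the server-side session, never from the request, so changing id can only reach rows the caller already owns.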

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2024-55506

Affected Products: Complaint Management System