PT-2024-7861 · Unknown · Orchid Platform

Catferq · Published 2024-10-29 · Updated 2024-11-12 · CVE-2024-51992

CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Orchid Platform versions 8 through 14.42.x

Description: The issue is a method exposure problem in the Orchid Platform’s asynchronous modal functionality, allowing attackers to call arbitrary methods within the Screen class. This could lead to brute force attacks on database tables, validation checks against user credentials, and disclosure of the server’s real IP address.

Recommendations: For Orchid Platform versions 8 through 14.42.x, upgrade to version 14.43.0 or later to address this issue. If upgrading to version 14.43.0 is not immediately possible, implement middleware to intercept and validate requests to asynchronous modal endpoints, allowing only approved methods and parameters, such as the provided example middleware PreventBruteForceOnAsyncRoute.
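As an added example of the interim mitigation described above, here is one way to write such an allowlisting middleware in Laravel, the framework Orchid Platform is built on. This is illustrative code, not the advisory's PreventBruteForceOnAsyncRoute and not Orchid Platform's own code. The request input names `_screen` and `_call`, the Screen class names and the allowed method names are assumptions made for the example; the input names in particular must be adjusted to whatever the installed Orchid version actually sends to its async modal endpoint.

```php
<?php
// Hypothetical allowlisting middleware for Orchid async modal requests.
// Added illustration only; it is not the advisory's example middleware and
// not part of Orchid Platform. Assumptions (not taken from the advisory):
// the async endpoint receives the target Screen class and method name as
// request inputs named `_screen` and `_call`. Adjust both to your version.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Symfony\Component\HttpFoundation\Response;

class PreventBruteForceOnAsyncRoute
{
    /**
     * Explicit allowlist: Screen class => methods that may be reached through
     * the async modal route. Anything not listed is refused with HTTP 403.
     * The entries below are constructed examples; list your own screens.
     */
    private const ALLOWED = [
        'App\\Orchid\\Screens\\User\\UserListScreen' => ['asyncGetUser'],
        'App\\Orchid\\Screens\\Role\\RoleEditScreen' => ['asyncGetRole'],
    ];

    public function handle(Request $request, Closure $next): Response
    {
        $screen = (string) $request->input('_screen', '');
        $method = (string) $request->input('_call', '');

        if (! self::isAllowed($screen, $method)) {
            // Record who asked for what: repeated refusals from one client
            // are the detection signal for enumeration attempts.
            Log::warning('Refused async modal call outside allowlist', [
                'ip'     => $request->ip(),
                'user'   => optional($request->user())->getAuthIdentifier(),
                'screen' => $screen,
                'method' => $method,
            ]);

            abort(403, 'Method not permitted on the async route.');
        }

        return $next($request);
    }

    /**
     * True only when the (screen, method) pair is explicitly listed and the
     * method name is a plain identifier, so nothing unusual reaches the
     * Screen class even if the allowlist is later edited carelessly.
     */
    public static function isAllowed(string $screen, string $method): bool
    {
        if (! preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $method)) {
            return false;
        }

        // Normalise a leading backslash so "\App\..." and "App\..." match.
        $screen = ltrim($screen, '\\');

        return in_array($method, self::ALLOWED[$screen] ?? [], true);
    }
}
```

Register the class in `app/Http/Kernel.php` and attach it to the route group that serves Orchid's async modal endpoint so it runs before the controller dispatches the requested method. The allowlist is deliberately keyed by exact class name and exact method name; matching on a prefix such as `async*` would still expose any method that happens to carry that prefix. Because refusals are logged with the client IP, the requested screen and the requested method, a burst of 403 entries from one source is easy to alert on while the upgrade to 14.43.0 is being scheduled.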

Related Identifiers

BDU:2024-09363
CVE-2024-51992
GHSA-CM46-GQF4-MV4F

Affected Products

Orchid Platform