exploitDog

GHSA-9vjw-9rq2-r5r7

Опубликовано: 07 фев. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.

Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.

Ссылки

EPSS

Процентиль: 69%

0.006

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2024-56889

CVSS3: 7.5

nvd

около 1 года назад

Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.

EPSS

Процентиль: 69%

0.006

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-284