CVE-2024-46635

Oct. 4, 2024, 1:51 p.m.

None
No Score

Description

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter.

Product(s) Impacted

Product Versions
INROAD
  • ['before v202402060']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://hithub.notion.site/Sensitive-Information-Disclosure-in-GongZhiDao-System-aaad25d2430f4a638d462194cfa87c8b

Tags

cve@mitre.org
2024-09-30
CVE-2024-46635

Timeline

Published: Sept. 30, 2024, 6:15 p.m.
Last Modified: Oct. 4, 2024, 1:51 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.