Back

CVE-2024-47651

Oct. 4, 2024, 1:50 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Shilpi Client Dashboard

Source

vdisclose@cert-in.org.in

Tags

vdisclose@cert-in.org.in
2024-10-04
CVE-2024-47651
CWE-235

CVE-2024-47651 details

Published : Oct. 4, 2024, 12:15 p.m.
Last Modified : Oct. 4, 2024, 1:50 p.m.

Description

This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive information belonging to other users.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-235 Improper Handling of Extra Parameters The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.

References

URL Source
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313 vdisclose@cert-in.org.in
This website uses the NVD API, but is not approved or certified by it.