Products
Shilpi Client Dashboard
Source
vdisclose@cert-in.org.in
Tags
CVE-2024-47651 details
Published : Oct. 4, 2024, 12:15 p.m.
Last Modified : Oct. 4, 2024, 1:50 p.m.
Last Modified : Oct. 4, 2024, 1:50 p.m.
Description
This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive information belonging to other users.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-235 | Improper Handling of Extra Parameters | The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount. |
References
URL | Source |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0313 | vdisclose@cert-in.org.in |
This website uses the NVD API, but is not approved or certified by it.