Products
TechExcel Back Office Software
- before 1.0.0
Source
vdisclose@cert-in.org.in
Tags
CVE-2024-8601 details
Published : Sept. 9, 2024, 10:15 a.m.
Last Modified : Sept. 9, 2024, 1:03 p.m.
Last Modified : Sept. 9, 2024, 1:03 p.m.
Description
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized access to sensitive information belonging to other users.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-639 | Authorization Bypass Through User-Controlled Key | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
References
URL | Source |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0285 | vdisclose@cert-in.org.in |
This website uses the NVD API, but is not approved or certified by it.