A security misconfiguration vulnerability exists in the LMS Mirapolis version 4.6.XX (and possibly later versions) due to a default misconfiguration.
An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and incrementing the STEP parameter, leading to the exposure of sensitive user data.
Researcher: Vadim Golovanov
Issue date: 2024-01-29 (Initial Advisory)
Public release: 2024-09-10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v3.1 Score (BS): 4.3 (Medium)
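Detection sketch for the ID/STEP manipulation described above, as an added example that is not part of the original advisory or the vendor's code: it flags authenticated users whose successful requests span many distinct ID values. The log layout, the `user=` field, the `/example/endpoint` path, the user names and the threshold of 5 are assumptions; only the `ID` and `STEP` parameter names come from the advisory.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines, not real Mirapolis logs. The log layout, the
# user= field and the /example/endpoint path are assumptions for this example.
SAMPLE_LOG = """\
2024-01-29T10:00:01 user=alice "GET /example/endpoint?ID=501&STEP=1 HTTP/1.1" 200
2024-01-29T10:00:05 user=alice "GET /example/endpoint?ID=501&STEP=2 HTTP/1.1" 200
2024-01-29T10:01:10 user=bob "GET /example/endpoint?ID=77&STEP=1 HTTP/1.1" 200
2024-01-29T10:01:12 user=bob "GET /example/endpoint?ID=78&STEP=1 HTTP/1.1" 403
2024-01-29T10:02:00 user=mallory "GET /example/endpoint?ID=500&STEP=1 HTTP/1.1" 200
2024-01-29T10:02:01 user=mallory "GET /example/endpoint?ID=500&STEP=2 HTTP/1.1" 200
2024-01-29T10:02:02 user=mallory "GET /example/endpoint?ID=501&STEP=2 HTTP/1.1" 200
2024-01-29T10:02:03 user=mallory "GET /example/endpoint?ID=502&STEP=2 HTTP/1.1" 200
2024-01-29T10:02:04 user=mallory "GET /example/endpoint?ID=503&STEP=2 HTTP/1.1" 200
2024-01-29T10:02:05 user=mallory "GET /example/endpoint?ID=504&STEP=2 HTTP/1.1" 200
"""

LINE_RE = re.compile(
    r'user=(?P<user>\S+) "(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def find_id_enumeration(log_text, min_distinct_ids=5):
    """Flag users whose successful requests cover many distinct ID values.

    Returns {user: {"ids": [...], "steps": [...]}} for every user with at
    least min_distinct_ids different ID values in 200 responses.
    """
    seen = defaultdict(lambda: {"ids": set(), "steps": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["status"] != "200":
            continue  # unparsable line, or the server refused the request
        query = parse_qs(urlsplit(m["url"]).query)
        if "ID" not in query or "STEP" not in query:
            continue  # only requests carrying both parameters are relevant
        seen[m["user"]]["ids"].update(query["ID"])
        seen[m["user"]]["steps"].update(query["STEP"])
    return {
        user: {"ids": sorted(v["ids"]), "steps": sorted(v["steps"])}
        for user, v in seen.items()
        if len(v["ids"]) >= min_distinct_ids
    }

if __name__ == "__main__":
    for user, hit in find_id_enumeration(SAMPLE_LOG).items():
        print(f"{user}: {len(hit['ids'])} distinct IDs, STEP values {hit['steps']}")
```

Tune the threshold to the deployment: roles that legitimately open many records will need an allow-list or a higher value.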