Lucene search
K

FXServer < v9601 - Information Exposure

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 95 Views

FXServer v9601 Information Exposure - Unauthenticated users can read and modify userdata via exposed api endpoint

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2024-46310
28 Aug 202419:36
githubexploit
GithubExploit
Exploit for CVE-2024-46310
28 Aug 202419:36
githubexploit
GithubExploit
Exploit for CVE-2024-46310
28 Aug 202419:36
githubexploit
BDU FSTEC
The vulnerability of the wpDiscuz plugin of the WordPress content management system allows attackers to compromise data integrity.
29 Oct 202400:00
bdu_fstec
Circl
CVE-2024-46310
7 Oct 202404:26
circl
CNNVD
Cfx.re FXServer 安全漏洞
13 Jan 202500:00
cnnvd
CVE
CVE-2024-46310
13 Jan 202500:00
cve
Cvelist
CVE-2024-46310
13 Jan 202500:00
cvelist
NVD
CVE-2024-46310
13 Jan 202519:15
nvd
Positive Technologies
PT-2024-7359
4 Jun 202400:00
ptsecurity
Rows per page
id: CVE-2024-46310

info:
  name: FXServer < v9601 - Information Exposure
  author: s4e-io
  severity: medium
  description: |
    Incorrect Access Control in FXServer version's v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read userdata via exposed api endpoint.
  impact: |
    Unauthenticated users can access and modify sensitive userdata including player identifiers and connection information.
  remediation: |
    Update FXServer to a version later than v9601 that patches the access control vulnerability.
  reference:
    - https://github.com/UwUtisum/CVE-2024-46310
    - https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-46310
    - https://vulners.com/githubexploit/D31ED8EC-1E21-54F9-AD42-778DAFBC8B4E
  classification:
    epss-score: 0.02393
    epss-percentile: 0.81972
  metadata:
    verified: true
    max-request: 1
    vendor: fxserver
    product: fxserver
  tags: cve,cve2024,fxserver,info-leak,vuln

http:
  - raw:
      - |
        GET /players.json HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"endpoint", "id", "identifiers", "name", "ping")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a004730450220792e58187245662c6da03d027948dd9660a0d71cfa7e335f8a819cdc056c2511022100c747785a8e64f6ccc45049256945911e238e453cf013829ebf89aa2082805050:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 3.19.1
EPSS0.02393
SSVC
95