Lucene search
PRIOn knowledge basePRION:CVE-2024-24573HistoryJan 31, 2024 - 11:15 p.m.
Design/Logic Flaw
2024-01-3123:15:00
PRIOn knowledge base
www.prio-n.com
4
facilemanager
web apps
non-admins
super user privileges
post request
security flaw
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges.
| CPE | Name | Operator | Version |
|---|---|---|---|
| facilemanager | lt | 4.5.1 |
Related
cve
cve
CVE-2024-24573
2024-01-31 23:15:08
cvelist
cvelist
CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment
2024-01-31 22:33:11
nvd
nvd
CVE-2024-24573
2024-01-31 23:15:08
osv
osv
CVE-2024-24573
2024-01-31 23:15:08