28 matches found
PT-2024-27739 · 14Finger · 14Finger
Name of the Vulnerable Software and Affected Versions: 14Finger version 1.1 Description: The issue allows for arbitrary user deletion through the "/api/admin/user?id" API endpoint. This endpoint is used for administrative purposes, and the vulnerability could be exploited to delete users without...
CVE-2024-37769
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request...
CVE-2024-37767
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request...
CVE-2024-37767
CVE-2024-37767 affects 14Finger v1.1. The issue is insecure permissions in the component "/api/admin/user", enabling an attacker to access all user information via a crafted GET request. Reported across multiple sources (NVD, Red Hat, OSV, CNNVD, CVEs lists). The underlying problem is improper ac...
CVE-2024-37768
CVE-2024-37768 affects 14Finger v1.1: an arbitrary user deletion vulnerability exists via the endpoint /api/admin/user?id. The CVE entry lists a CRITICAL impact (CVSS v3.1: 9.1) with network access, no user interaction, and no privileges required; impacts include high integrity and high availabil...
CVE-2024-37767
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request...
CVE-2024-37769
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request...
CVE-2024-37768
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...