Lucene search
+L

28 matches found

ptsecurity
ptsecurity
added 2024/07/05 12:0 a.m.5 views

PT-2024-27739 · 14Finger · 14Finger

Name of the Vulnerable Software and Affected Versions: 14Finger version 1.1 Description: The issue allows for arbitrary user deletion through the "/api/admin/user?id" API endpoint. This endpoint is used for administrative purposes, and the vulnerability could be exploited to delete users without...

9.1CVSS6.9AI score0.00572EPSS
Exploits1References7
vulnrichment
vulnrichment
added 2024/07/05 12:0 a.m.17 views

CVE-2024-37769

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request...

7AI score0.00459EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2024/07/05 12:0 a.m.13 views

CVE-2024-37767

Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request...

6.5AI score0.00396EPSS
Exploits1References1
cve
cve
added 2024/07/05 12:0 a.m.95 views

CVE-2024-37767

CVE-2024-37767 affects 14Finger v1.1. The issue is insecure permissions in the component "/api/admin/user", enabling an attacker to access all user information via a crafted GET request. Reported across multiple sources (NVD, Red Hat, OSV, CNNVD, CVEs lists). The underlying problem is improper ac...

7.5CVSS6.7AI score0.00396EPSS
Exploits1References1Affected Software1
cve
cve
added 2024/07/05 12:0 a.m.92 views

CVE-2024-37768

CVE-2024-37768 affects 14Finger v1.1: an arbitrary user deletion vulnerability exists via the endpoint /api/admin/user?id. The CVE entry lists a CRITICAL impact (CVSS v3.1: 9.1) with network access, no user interaction, and no privileges required; impacts include high integrity and high availabil...

9.1CVSS7.7AI score0.00572EPSS
Exploits1References1Affected Software1
osv
osv
added 2024/07/05 12:0 a.m.4 views

CVE-2024-37767

Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request...

7.5CVSS6AI score0.00396EPSS
Exploits1References3
osv
osv
added 2024/07/05 12:0 a.m.15 views

CVE-2024-37769

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request...

8.8CVSS7AI score0.00459EPSS
Exploits1References3
osv
osv
added 2024/07/05 12:0 a.m.18 views

CVE-2024-37768

14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...

9.1CVSS7.4AI score0.00572EPSS
Exploits1References3
Rows per page
Query Builder