5 matches found
CVE-2024-6426
Affected software: MESbook, version 20221021.03. Vulnerability: Information exposure via changing the application’s API value, allowing a local attacker with user privileges to access different resources. Root cause / vector: Modifying API values exposes resources that should be restricted. Impac...
PT-2024-37618 · Mesbook · Mesbook
Name of the Vulnerable Software and Affected Versions: MESbook version 20221021.03. Description: The issue is an information exposure vulnerability that could allow a local attacker with user privileges to access different resources by changing the API value of the application. Recommendations: Fo...
CVE-2024-6424
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint "/api/Proxy/Post?userName=&password=&uri=FILE|INTERNAL URL|IP/HOST" or "/api/Proxy/Get?userName=&password=&uri=ARCHIVO|URL INTERNA|IP/HOST" to re...
CVE-2024-6425 Incorrect Provision of Specified Functionality vulnerability in MESbook
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=&Password=&ConfirmPassword="...
PT-2024-37617 · Mesbook · Mesbook
Name of the Vulnerable Software and Affected Versions: MESbook version 20221021.03. Description: The issue allows an unauthenticated remote attacker to register user accounts without authentication. This can be done by accessing the "/account/Register/" route and providing parameters such as...