Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/02/05 2:23 a.m.7 views

CVE-2024-24573

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

8.8CVSS8.5AI score0.00817EPSS
Exploits1References1
nvd
nvd
added 2024/01/31 11:15 p.m.20 views

CVE-2024-24573

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

8.8CVSS8.6AI score0.00817EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2024/01/31 10:33 p.m.4 views

CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...

8.8CVSS8.5AI score0.00817EPSS
Exploits1References2
cve
cve
added 2024/01/31 10:33 p.m.52 views

CVE-2024-24573

CVE-2024-24573 affects facileManager (versions ≤ 4.5.0). The redacted/official descriptions indicate an elevation of privilege via mass assignment flaw: non-admin users can arbitrarily set their permissions, granting super user privileges through the profile-update flow (POST to server/fm-modules...

8.8CVSS8.5AI score0.00817EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder