4 matches found
CVE-2024-24573
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...
CVE-2024-24573
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...
CVE-2024-24573 facileManager Privilege Escalation via Mass Assignment
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can...
CVE-2024-24573
CVE-2024-24573 affects facileManager (versions ≤ 4.5.0). The redacted/official descriptions indicate an elevation of privilege via mass assignment flaw: non-admin users can arbitrarily set their permissions, granting super user privileges through the profile-update flow (POST to server/fm-modules...