CVE-2024-56889
CVE-2024-56889 affects CodeAstro Complaint Management System v1.0. The vulnerability is an incorrect access control flaw on the endpoint /admin/m_delete.php, allowing an unauthorized attacker to arbitrarily delete complaints by modifying the id parameter. The CVSS 3.1 base score is 7.5 (High) with Net...
CVE-2024-55505
The CVE-2024-55505 entry concerns CodeAstro Complaint Management System v1.0. A vulnerability in the mess-view.php component allows a remote attacker to escalate privileges. The issue is repeatedly described across sources as a privilege-escalation in CodeAstro CMS 1.0, with no explicit root-caus...
CVE-2024-55509
The CVE-2024-55509 issue affects CodeAstro Complaint Management System v1.0. A SQL injection in the delete.php component (via the id parameter) allows a remote attacker to execute arbitrary code and escalate privileges. The primary impact described across sources is high/remote-execution with pot...
CVE-2024-55506
CVE-2024-55506 affects CodeAstro’s Complaint Management System v1.0, where an IDOR flaw in delete.php allows an attacker to modify the id parameter and execute arbitrary code, potentially exposing sensitive information. Affected element: the delete.php endpo...
CVE-2024-55507
CVE-2024-55507 concerns CodeAstro Complaint Management System v1.0, where the delete_e.php component enables a remote attacker to escalate privileges. The CVSSv3.1 base score is 9.8 (CRITICAL) with network access, low attack complexity, and no user interaction required. Affected product is CodeAs...