Lucene search
K
ShilpisoftClient Dashboard

5 matches found

CVE
CVE
added 2024/10/04 12:18 p.m.87 views

CVE-2024-47654

The issue affects Shilpi Client Dashboard (versions prior to 9.7.0). Root cause: lack of rate limiting and CAPTCHA protection for OTP requests in certain API endpoints, enabling unauthenticated attackers to flood OTP requests and cause an OTP bombing on the target system. Affected software and ve...

7.5CVSS7.6AI score0.00472EPSS
CVE
CVE
added 2024/10/04 12:15 p.m.79 views

CVE-2024-47653

CVE-2024-47653 concerns Shilpi Client Dashboard, where a lack of authorization on API endpoints allows an authenticated remote attacker to place or cancel requests, leading to unauthorized modification of another user’s requests. The issue affects API-level modification/cancellation logic (no spe...

7.1CVSS6.4AI score0.00332EPSS
CVE
CVE
added 2024/10/04 12:24 p.m.74 views

CVE-2024-47656

CVE-2024-47656 affects the Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API-based login. A remote attacker could perform a brute-force password attack and potentially gain unauthorized access to other user accounts. Several connected sources indicate aff...

9.8CVSS9.4AI score0.00488EPSS
CVE
CVE
added 2024/10/04 12:13 p.m.60 views

CVE-2024-47652

The CVE-2024-47652 entry concerns Shilpi Client Dashboard, where the login module uses inadequate authentication, allowing an attacker to access any user account by supplying that user’s mobile number. This root cause implies a high-impact authentication weakness that could lead to full account c...

8.1CVSS8.1AI score0.00402EPSS
CVE
CVE
added 2024/10/04 12:21 p.m.52 views

CVE-2024-47655

CVE-2024-47655 affects the Shilpi Client Dashboard. The issue is improper validation of files being uploaded that are not of the specified extension, allowing an authenticated remote attacker to upload a malicious file and potentially achieve remote code execution on the targeted application. The...

8.8CVSS8.8AI score0.00666EPSS