5 matches found
CVE-2024-47654
The issue affects Shilpi Client Dashboard (versions prior to 9.7.0). Root cause: lack of rate limiting and CAPTCHA protection for OTP requests in certain API endpoints, enabling unauthenticated attackers to flood OTP requests and cause an OTP bombing on the target system. Affected software and ve...
CVE-2024-47653
CVE-2024-47653 concerns Shilpi Client Dashboard, where a lack of authorization on API endpoints allows an authenticated remote attacker to place or cancel requests, leading to unauthorized modification of another user’s requests. The issue affects API-level modification/cancellation logic (no spe...
CVE-2024-47656
CVE-2024-47656 affects the Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API-based login. A remote attacker could perform a brute-force password attack and potentially gain unauthorized access to other user accounts. Several connected sources indicate aff...
CVE-2024-47652
The CVE-2024-47652 entry concerns Shilpi Client Dashboard, where the login module uses inadequate authentication, allowing an attacker to access any user account by supplying that user’s mobile number. This root cause implies a high-impact authentication weakness that could lead to full account c...
CVE-2024-47655
CVE-2024-47655 affects the Shilpi Client Dashboard. The issue is improper validation of files being uploaded that are not of the specified extension, allowing an authenticated remote attacker to upload a malicious file and potentially achieve remote code execution on the targeted application. The...