How severe is CVE-2024-51992?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.1 out of 10.

What type of vulnerability is CVE-2024-51992?

This is classified as CWE-749, which is a common weakness in software security.

CVE-2024-51992

MEDIUM Year: 2024

CVSS v3 Score

4.1

Medium

Weakness Type

CWE-749

View all →

Vulnerability Description

Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform’s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within the `Screen` class, leading to potential brute force of database tables, validation checks against user credentials, and disclosure of the server’s real IP address. The issue has been patched in the latest release, version 14.43.0, released on November 6, 2024. Users should upgrade to version 14.43.0 or later to address this vulnerability. If upgrading to version 14.43.0 is not immediately possible, users can mitigate the vulnerability by implementing middleware to intercept and validate requests to asynchronous modal endpoints, allowing only approved methods and parameters.

CVE-2018-8949

MEDIUM

CVSS:4.3(Medium)

An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an ...

CWE-7492018

CVE-2010-0738

MEDIUM

CVSS:5.3(Medium)

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for th...

CWE-7492010

CVE-2025-24361

MEDIUM

CVSS:5.3(Medium)

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the...

CWE-7492025

CVE-2020-12912

MEDIUM

CVSS:5.5(Medium)

A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. ...

CWE-7492020

CVE-2020-27123

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the under...

CWE-7492020

CVE-2023-39495

MEDIUM

CVSS:5.5(Medium)

PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installa...

CWE-7492023

CVE-2024-51992

Vulnerability Description

Related Vulnerabilities

CVE-2018-8949

CVE-2010-0738

CVE-2025-24361

CVE-2020-12912

CVE-2020-27123

CVE-2023-39495