CVE-2024-55570

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-266
View all →

Vulnerability Description

/api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018) fixed in V5.0R14.5P4-V3.3R1 allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka incorrect access control.

Related Vulnerabilities

CVE-2024-25633

MEDIUM
CVSS:5.4(Medium)

eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one can configure who is allowed to create new user accounts. A vulnerability has been found starting in vers...

CWE-2662024

CVE-2024-50702

MEDIUM
CVSS:5.4(Medium)

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.

CWE-2662024

CVE-2025-2089

MEDIUM
CVSS:5.4(Medium)

A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the compo...

CWE-2662025

CVE-2025-2334

MEDIUM
CVSS:5.4(Medium)

A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the comp...

CWE-2662025

CVE-2025-3967

MEDIUM
CVSS:5.4(Medium)

A vulnerability was found in itwanger paicoding 1.0.3. It has been classified as critical. This affects an unknown part of the file /article/api/post of the component Article Handler. The manipulation...

CWE-2662025

CVE-2025-4016

MEDIUM
CVSS:5.4(Medium)

A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java...

CWE-2662025