CRITICAL🇵🇱 Wersja polska

CVE-2024-55507

CVSS 9.8v3.1pub. 2025-01-03upd. 2025-04-03

An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-281 (Improper Preservation of Permissions) affects the delete_e.php component, which improperly manages permissions during operations. A remote attacker can send a specially crafted request to this component, resulting in unauthorized acquisition of higher privileges in the application. The vulnerability does not require prior authentication or user interaction.

Impact

An attacker can obtain elevated privileges in the system, potentially allowing complete takeover of the application, reading, modifying, or deleting data managed by the system.

Mitigation & patch

Patches available from the vendor should be applied according to references. Until the fix is implemented, it is recommended to restrict access to the delete_e.php component at the web server level (e.g., through a firewall or HTTP server rules) and monitor suspicious requests directed to this endpoint.

Who is affected

Codeastro Complaint Management System v.1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Codeastro Complaint Management System

    APP
    Codeastro
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2024-55509CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Codeastro Complaint Management System umożliwiający RCE i eskalację uprawnień

CVE-2024-56889HIGH7.5ten sam produkt

Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 all...

CVE-2024-55505HIGH8.8ten sam produkt

An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via th...

CVE-2024-55506HIGH8.8ten sam produkt

An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an atta...

CVE-2025-70149CRITICAL9.8PL ✓ten sam vendor

SQL Injection w Codeastro Membership Management System via parametr ID