CVE-2024-47651 Vulnerability Details


CVE-2024-47651 Metadata Quick Info

CVE Published: 04/10/2024 | CVE Updated: 04/10/2024 | CVE Year: 2024
Source: CERT-In | Vendor: Shilpi Computers | Product: Client Dashboard
Status: PUBLISHED

CVE-2024-47651 Description

This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive information belonging to other users.
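
One way to handle the duplicate-parameter case described above on the server side, as an added example that is not the vendor's code or part of the CVE record: the body is parsed strictly so a repeated parameter is rejected rather than resolved to its first or last value, and any "userid" in the body must match the authenticated session. The function names, the `session_userid` argument, and the form-encoded and JSON body formats are assumptions, since the record does not state the API's request format.

```python
import json
from urllib.parse import parse_qsl


class DuplicateParameter(ValueError):
    """Raised when a request body repeats a parameter name."""


def _reject_duplicates(pairs):
    # Build a dict from (name, value) pairs, refusing any repeated name
    # instead of silently keeping the first or the last occurrence.
    seen = {}
    for name, value in pairs:
        if name in seen:
            raise DuplicateParameter(name)
        seen[name] = value
    return seen


def parse_body(raw: str, content_type: str) -> dict:
    """Parse a form-encoded or JSON object body with strict parameter handling."""
    if content_type == "application/json":
        # object_pairs_hook sees every key of every object, including
        # repeats that json.loads would otherwise collapse to the last value.
        body = json.loads(raw, object_pairs_hook=_reject_duplicates)
        if not isinstance(body, dict):
            raise ValueError("body must be a JSON object")
        return body
    # Assumed alternative format: application/x-www-form-urlencoded.
    return _reject_duplicates(parse_qsl(raw, keep_blank_values=True))


def authorize(raw: str, content_type: str, session_userid: str) -> dict:
    """Return the parsed body only if it targets the authenticated user."""
    params = parse_body(raw, content_type)
    # Identity comes from the session (hypothetical session_userid); a
    # userid in the body may only confirm it, never override it.
    if str(params.get("userid", session_userid)) != session_userid:
        raise PermissionError("userid does not match session")
    return params
```

Rejecting the repeat at the parser matters because different layers (proxy, framework, application code) can disagree on which occurrence wins, so a check made on one value may not cover the value actually used.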

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-235
CWE Name: CWE-235: Improper Handling of Extra Parameters
Source: Shilpi Computers

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-460
CAPEC Description: CAPEC-460: HTTP Parameter Pollution (HPP)


Source: NVD (National Vulnerability Database).