CVE-2024-41518

An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mecodia:feripro:*:*:*:*:*:*:*:*

History

03 Sep 2024, 20:15

Type Values Removed Values Added
References
  • {'url': 'http://feripro.com', 'tags': ['Not Applicable'], 'source': 'cve@mitre.org'}
  • {'url': 'http://mecodia.com', 'tags': ['Product'], 'source': 'cve@mitre.org'}
  • () http://feripro.de -
  • () http://mecodia.de -

30 Aug 2024, 18:16

Type Values Removed Values Added
First Time Mecodia
Mecodia feripro
References () http://feripro.com - () http://feripro.com - Not Applicable
References () http://mecodia.com - () http://mecodia.com - Product
References () https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/ - () https://piuswalter.de/blog/multiple-vulnerabilities-in-feripro/ - Third Party Advisory
CPE cpe:2.3:a:mecodia:feripro:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other

07 Aug 2024, 17:35

Type Values Removed Values Added
CWE CWE-284
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de control de acceso incorrecto en "/admin/programm//export/statistics" en Feripro &lt;= v2.2.3 permite a atacantes remotos exportar un archivo XLSX con información sobre registros y participantes.

02 Aug 2024, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 17:16

Updated : 2024-09-03 20:15


NVD link : CVE-2024-41518

Mitre link : CVE-2024-41518

CVE.ORG link : CVE-2024-41518


JSON object : View

Products Affected

mecodia

  • feripro
CWE
NVD-CWE-Other CWE-284

Improper Access Control