Escalation of Privileges Vulnerability in Sanluan PublicCMS
CVE-2024-31759

8.8HIGH

Key Information:

Vendor: Sanluan
Status: Publiccms
Vendor: CVE Published:; 16 April 2024

What is CVE-2024-31759?

A security issue has been identified in Sanluan PublicCMS v.4.0.202302.e that allows attackers to escalate their privileges through a flaw in the change password function. This vulnerability can potentially enable unauthorized users to gain access and control, posing significant risks to data integrity and confidentiality. It is crucial for users of PublicCMS to upgrade to the latest release and apply necessary patches to mitigate this risk.

References

https://github.com/menghaining/PoC/blob/main/PublicCMS/pu...

https://1drv.ms/v/s%21AmTWEcd1YDpUjgoJ8lkA8pN8zYEJ?e=gIlbGf

https://gist.github.com/menghaining/8d424faebfe869c80eada...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2024

CVE-2024-31759 Data

JSON