Access Control Flaw in Banner System Affects User Security
CVE-2024-54359

8.2HIGH

Key Information:

Vendor

WordPress
Status
Banner System
Vendor
CVE Published:
16 December 2024

What is CVE-2024-54359?

A critical missing authorization vulnerability has been identified in the Banner System developed by Saul Morales Pacheco. This vulnerability arises due to incorrectly configured access control security levels, allowing unauthorized users to exploit the system and potentially execute unauthorized actions. This issue affects all versions of the Banner System up to 1.0.0, highlighting the urgent need for users to evaluate their security controls and apply necessary updates to mitigate potential security risks.

Affected Version(s)

Banner System 0 <= 1.0.0

References

https://patchstack.com/database/Wordpress/Plugin/banner-s...
vdb-entry

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ghsinfosec (Patchstack Alliance)
.