Access Control Flaw in CodeAstro Complaint Management System
CVE-2024-56889

7.5 HIGH

Key Information:

Vendor: CodeAstro
CVE Published: 6 February 2025

What is CVE-2024-56889?

CodeAstro Complaint Management System v1.0 has an access control vulnerability caused by improper restrictions on the /admin/m_delete.php endpoint. An unauthorized attacker can manipulate the 'id' parameter, potentially deleting arbitrary complaints without proper authorization. Organizations using this system should assess their vulnerability management processes to ensure they are protected against this risk.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
