CVE-2024-0356 MEDIUM

CVE-2024-0356: Mandelo ssm_shiro_blog Backend updateRoles access control

Vendor Mandelo
Product ssm_shiro_blog
Weakness CWE-284
Published January 10, 2024
Last update June 3, 2025

CVSS base score

4.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

A vulnerability classified as problematic has been found in Mandelo ssm_shiro_blog 1.0. It affects an unknown functionality of the file updateRoles in the Backend component. Manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The vulnerability is also tracked as VDB-250123.

Key dates

02 Disclosure timeline

January 10, 2024 CVE published
June 3, 2025 Record updated