CVE-2024-47653 HIGH

CVE-2024-47653: Missing Authorization Vulnerability

Vendor: Shilpi Computers
Product: Client Dashboard
Weakness: CWE-266
Published: October 4, 2024
Last update: October 4, 2024

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N

What the vulnerability does

01 Description

This vulnerability exists in Shilpi Client Dashboard due to a lack of authorization checks on modification and cancellation requests made through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through the API request body, leading to unauthorized modification of requests belonging to other users.

Key dates

02 Disclosure timeline

October 4, 2024 CVE published
October 4, 2024 Record updated