Web Vulnerability Report

Vulnerability Index
ID EDB-ID-50473
CVSS 3.0 N/A
Cloudbric Score
?
Medium
Cloudbric Detection Yes
Vulnerability Type Application Logic Flaw
Published Date 2021-11-02
Updated Date 2022-01-14
Vendor 5.2.0
Description The application doesn't allow creation of more than one administrator account on the system. This also applies for deletion of the administrative account. The logic behind this restriction can be bypassed by parameter manipulation using dangerous verbs like PUT and DELETE and improper server-side validation. Once a normal account with 'viewer' or 'operator' permissions has been added by the default admin user 'i3admin', a PUT request can be issued calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account.
Reference N/A
URL Link
Threat Index Table
ID Description Vulnerability Type
Cloudbric Score
?
Updated Date Detection

To receive weekly updates on new vulnerabilities added to Threat Index

Subscribe Now