Web Vulnerability Report
| ID | EDB-ID-50473 |
| CVSS 3.0 | N/A |
|
Cloudbric Score
?
|
Medium |
| Cloudbric Detection | Yes |
| Vulnerability Type | Application Logic Flaw |
| Published Date | 2021-11-02 |
| Updated Date | 2022-01-14 |
| Vendor | 5.2.0 |
| Description | The application doesn't allow creation of more than one administrator account on the system. This also applies for deletion of the administrative account. The logic behind this restriction can be bypassed by parameter manipulation using dangerous verbs like PUT and DELETE and improper server-side validation. Once a normal account with 'viewer' or 'operator' permissions has been added by the default admin user 'i3admin', a PUT request can be issued calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account. |
| Reference | N/A |
| URL Link | https://www.exploit-db.com/exploits/50473/ |
This vulnerability has been detected by Cloudbric!
Block NOW!
| ID | Description | Vulnerability Type |
Cloudbric Score
?
|
Updated Date | Detection |
|---|
To receive weekly updates on new vulnerabilities added to Threat Index
Subscribe Now