CVE-2024-12483

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 285
CWE ID 639

Summary

CVE-2024-12483 is a newly identified vulnerability affecting Dromara UJCMS versions up to 9.6.3. This issue lies in the User ID Handler component and involves manipulation of the /users/id file. By successfully exploiting this flaw, an attacker can bypass authorization checks remotely. With a high complexity and difficult exploitability, this vulnerability poses a significant risk, as the exploit has already been disclosed to the public.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share